ComputerWorld – Page 163 – Computer Security Articles

Credit to Author: Lucian Constantin| Date: Fri, 05 May 2017 07:54:00 -0700

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don’t necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack’s efficiency and makes it harder for security vendors to detect it and link it to a particular threat actor.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

May 4, 2017 admin

Google Docs phishing scam underscores OAuth security risks

Credit to Author: Michael Kan| Date: Thu, 04 May 2017 16:20:00 -0700

Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.

One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks.

“It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security.

The phishing scheme — which may have circulated to 1 million Gmail users — is particularly effective because it fooled users with a dummy app that looked like Google Docs.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

May 4, 2017 admin

Microsoft asks Windows 10 Enterprise customers to test new anti-exploit tech

Credit to Author: Gregg Keizer| Date: Thu, 04 May 2017 12:58:00 -0700

Microsoft today asked enterprise customers to test a new anti-malware, anti-exploit technology in Windows 10’s baked-in browser.

Windows 10’s latest preview, tagged as build 16188 and released Thursday, includes Windows Defender Application Guard, a virtualization-based feature that isolates the contents of a tab in Edge, the OS’s default browser, from the rest of the system.

While Application Guard was announced in September, and went through limited testing in the months since, today marked its first appearance to all Insiders running Windows 10 Enterprise. Users must manually toggle on Application Guard from a setting dialog, then open a tab within Edge by selecting “New Application Guard Window” from the browser’s menu.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

May 4, 2017 admin

Cybercrime group abuses Windows app compatibility feature

Credit to Author: Lucian Constantin| Date: Thu, 04 May 2017 12:00:00 -0700

When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn’t intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.

The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.

Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

May 4, 2017 admin

The BlackBerry KeyOne: A surprising phone with a hardware keyboard

The BlackBerry KeyOne packs in productivity features and is worth a look if you're in the market for a new phone. It's the first time BlackBerry's iconic keyboard has been paired with Android.

ComputerWorld Independent

May 4, 2017 admin

The BlackBerry KeyOne – a surprising phone with a hardware keyboard

The BlackBerry KeyOne packs in productivity features and is worth a look if you're in the market for a new phone. It's the first time BlackBerry's iconic keyboard has been paired with Android.

ComputerWorld Independent

May 4, 2017 admin

Sneaky Gmail phishing attack fools with fake Google Docs app

Credit to Author: Michael Kan| Date: Thu, 04 May 2017 03:51:00 -0700

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.

The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”

In reality, the link led to a dummy app that asked users for permission to access their Gmail account.

screen shot 2017 05 03 at 2.38.57 pm — An example of the phishing email that circulated on Tuesday.
To read this article in full or to leave a comment, please click here

ComputerWorld Independent

May 3, 2017 admin

Face it: Enterprise cyberattacks are going to happen

Credit to Author: Matt Hamblen| Date: Wed, 03 May 2017 11:00:00 -0700

There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.

A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won’t get days or weeks to root around and grab sensitive corporate data.

This enterprise focus on rapid detection and response to various attacks on networks and computers doesn’t replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.

To read this article in full or to leave a comment, please click here