ComputerWorld

ComputerWorldIndependent

Samsung's squashing of Tizen smart-TV bugs is turning messy

Credit to Author: Agam Shah| Date: Fri, 07 Apr 2017 11:08:00 -0700

After 40 critical vulnerabilities on Samsung’s Tizen — used in smart TVs and smartwatches — were exposed this week by Israeli researcher Amihai Neiderman, the company is scrambling to patch them.

But Samsung still doesn’t know many of the bugs that need to be patched. It’s also unclear when Tizen devices will get security patches, or if older Tizen devices will even get OS updates to squash the bugs.

Beyond Samsung’s smart TVs, Tizen is also used in wearables like Gear S3 and handsets like Samsung’s Z-series phones, which have sold well in India. Samsung wants to put Tizen in a range of appliances and IoT devices. Tizen also has been forked to be used in Raspberry Pi.


U.S. lawmakers demand to know how many residents are under surveillance

Credit to Author: Grant Gross| Date: Fri, 07 Apr 2017 10:33:00 -0700

Two powerful U.S. lawmakers are pushing President Donald Trump’s administration to tell them how many of the country’s residents are under surveillance by the National Security Agency.

In a letter sent Friday, Representatives Bob Goodlatte and John Conyers Jr. asked the Office of the Director of National Intelligence (ODNI) to provide an estimate of the number of U.S. residents whose communications are swept up in NSA surveillance of foreign targets. Goodlatte, a Republican, is chairman of the House Judiciary Committee, and Conyers is the committee’s senior Democrat.

Committee members have been seeking an estimate of the surveillance numbers from the ODNI for a year now. Other lawmakers have been asking for the surveillance numbers since 2011, but ODNI has failed to provide them.


What C-level leaders need to know about cybersecurity

Credit to Author: Matt Hamblen| Date: Fri, 07 Apr 2017 10:04:00 -0700

Despite the scale and potential harm from cyber-attacks, there’s wide recognition that corporate leaders, especially boards of directors, aren’t taking the necessary actions to defend their companies against such attacks. It’s not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.

“Our country and its businesses and government agencies of all sizes are under attack from a variety of aggressive adversaries and we are generally unprepared to manage and fend off these threats,” said Gartner analyst Avivah Litan, a longtime cybersecurity consultant to many organizations.


Apache Struts 2 exploit allows ransomware on servers

Credit to Author: Lucian Constantin| Date: Thu, 06 Apr 2017 13:43:00 -0700

Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.

The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.

The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.


U.S. trade lobbying group attacked by suspected Chinese hackers

Credit to Author: Grant Gross| Date: Thu, 06 Apr 2017 11:02:00 -0700

A group of what appear to be Chinese hackers infiltrated a U.S. trade-focused lobbying group as the two countries wrestle with how they treat imports of each other’s goods and services.

The APT10 Chinese hacking group appears to be behind a “strategic web compromise” in late February and early March at the National Foreign Trade Council, according to security vendor Fidelis Cybersecurity.

The NFTC lobbies for open and fair trade and has pledged to work with U.S. President Donald Trump to “find ways to address Chinese policies that frustrate access to their market and undermine fair trade, while at the same time encouraging a positive trend in our trade relationship.” Trump will meet with China President Xi Jinping in Florida this week.


F-Secure buys Little Flocker to combat macOS ransomware

Credit to Author: Lucian Constantin| Date: Thu, 06 Apr 2017 08:07:00 -0700

With attacks against Mac users growing in number and sophistication, endpoint security vendor F-Secure has acquired Little Flocker, a macOS application that provides behavior-based protection against ransomware and other malicious programs.

Little Flocker can be used to enforce strict access controls to a Mac’s files and directories as well as its webcam, microphone and other resources. It’s particularly effective against ransomware, spyware, computer Trojans and other malicious programs that attempt to steal, encrypt or destroy files.

F-Secure plans to integrate Little Flocker, which it calls “the most advanced security technology available for Macs,” into its new Xfence technology. Xfence is designed to add behavioral-based protection to its existing endpoint security products for macOS.


Top 5 email security best practices to prevent malware distribution

Credit to Author: Ryan Francis| Date: Thu, 06 Apr 2017 06:29:00 -0700

A trusted channel

Email is a critical enterprise communication tool synonymous with sending important documents quickly and efficiently between employees, managers, HR, finance, sales, legal, customers, supply chain and more. That said, organizations often don’t understand that the file types used every day to share important information – standard files like Word docs, Excel spreadsheets and PDFs – are also the most common attack vectors widely used for the distribution of malware. For cybercriminals, it’s often too easy to target a user with a spoofed email or phishing attack, and trick them into opening an infected attachment that appears to be legitimate.
