ComputerWorld

ComputerWorldIndependent

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 08:11:00 -0700

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that’s no longer supported but still widely used.

The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003.

Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.

Three privacy tools that block your Internet provider from tracking you

Credit to Author: Ian Paul| Date: Wed, 29 Mar 2017 08:04:00 -0700

It’s official: Congress has sold you out to Internet service providers, passing a bill that dismantles Internet privacy rules and allows ISPs to sell your web history and other personal information without your permission. Assuming President Trump signs the bill into law, it means anyone concerned about privacy will have to protect themselves against overzealous data collection from their ISP.

Some privacy-conscious folks are already doing that—but many aren’t. If you want to keep your ISP from looking over your shoulder for data to sell to advertisers, here are three relatively simple actions you can take to get started.

Open-source developers targeted in sophisticated malware attack

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 04:30:00 -0700

For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.

The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs.

The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.

VMware patches critical virtual machine escape flaws

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 03:53:00 -0700

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

Trump extends Obama executive order on cyberattacks

Credit to Author: Martyn Williams| Date: Thu, 30 Mar 2017 03:24:00 -0700

President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.

Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening saying he plans to keep the order active.

“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” Trump wrote in the letter. “Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”

New Mirai IoT variant launched 54-hour DDoS attack against a U.S. college

Credit to Author: Darlene Storm| Date: Wed, 29 Mar 2017 08:10:00 -0700

A new variant of the Mirai IoT malware was spotted in the wild when it launched a 54-hour DDoS attack against an unnamed U.S. college.

While the attack occurred on February 28, Imperva Incapsula is informing the world about it today. The researchers believe it is a new variant of Mirai, one that is “more adept at launching application layer assaults.”

The average traffic flow was 30,000 requests per second (RPS) and peaked at about 37,000 RPS, which the DDoS mitigation firm said was the most it has seen out of any Mirai botnet so far. “In total, the attack generated over 2.8 billion requests.”

Trojan source code leak poised to spur new online banking attacks

Credit to Author: Lucian Constantin| Date: Wed, 29 Mar 2017 10:55:00 -0700

The source code for a new Trojan program that targets banking services has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users.

The Trojan is called Nuclear Bot and first appeared for sale on underground cybercrime forums in early December for $2,500. It can steal and inject information from and into websites opened in Mozilla Firefox, Internet Explorer and Google Chrome and can also open a local proxy or hidden remote desktop service.

These are all features commonly seen in banking Trojans, as they’re used by attackers to bypass the security checks of online bank websites to perform fraud. For example, the proxy and remote desktop functionality allows hackers to initiate rogue transactions through the victims’ browsers after they have been tricked into providing the second authentication factor.

Privacy advocates plan to fight Congress' repeal of ISP privacy rules

Credit to Author: Grant Gross| Date: Wed, 29 Mar 2017 08:19:00 -0700

Privacy advocates haven’t given up the fight after Congress voted to allow ISPs to sell customers’ browsing histories and other personal information without their permission.

On Tuesday, the House of Representatives voted 215 to 205 to strike down ISP privacy regulations approved by the Federal Communications Commission only months ago. The House’s passage of a resolution of disapproval followed a Senate vote to pass the same resolution days earlier. 

President Donald Trump is expected to sign the Republican-pushed bill. But Sen. Ed Markey, a Massachusetts Democrat, said he will introduce new legislation to require the FCC to pass new ISP privacy rules.
