ComputerWorld

ComputerWorldIndependent

Consumer Reports to grade tech products on security, privacy

Credit to Author: Michael Kan| Date: Mon, 06 Mar 2017 14:01:00 -0800

Consumer Reports, a major source for gadget and appliance reviews in the U.S., plans to start rating products on data security and privacy.

On Monday, the nonprofit publication unveiled a set of new testing standards it hopes will push the tech industry to create safer products.

“The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data,” the publication said.

Already, cybersecurity experts are finding new tech products, whether they are cars or smart teddy bears, that are often poorly secured and easy to hack.


U.S. drops child porn case to avoid disclosing Tor exploit

Credit to Author: Lucian Constantin| Date: Mon, 06 Mar 2017 07:04:00 -0800

The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen, after a judge asked the government to disclose the hacking technique it used to gather evidence.

“The government must now choose between disclosure of classified information and dismissal of its indictment,” the DOJ said in a court filing Friday. “Disclosure is not currently an option.”

The case involves Jay Michaud, a school administrator from Vancouver, Wash., who was arrested in July 2015 for allegedly viewing child porn images on Playpen. Michaud’s case was one of at least 137 cases brought throughout the U.S. in relation to Playpen, a website that operated on the Tor anonymity network and which the FBI managed to seize in 2015.


1.37 billion records leak after spammers forgot to password-protect backups

Credit to Author: Darlene Storm| Date: Mon, 06 Mar 2017 06:19:00 -0800

Nearly 1.4 billion people are affected by a database records leak caused by spamming group River City Media (RCM) forgetting to password-protect their backups.

Last week, MacKeeper security researcher Chris Vickery promised a “1.4 billion identity leak story” would be made public on Monday. The actual number of people affected – 1,374,159,612 – is slightly lower than that, but is nothing to scoff at.


Okta acquires Stormpath to boost its identity services for developers

Credit to Author: Blair Hanley Frank| Date: Mon, 06 Mar 2017 06:18:00 -0800

Okta has acquired Stormpath, a company that provides authentication services for developers. The deal should help the identity provider improve its developer-facing capabilities.

Stormpath offered developers a set of tools for managing user logins for their apps. Rather than building a login system from scratch, developers could call the Stormpath API and have the company take care of it for them. Frederic Kerrest, Okta’s co-founder and chief operating officer, said that the acquisition should help his company build self-service capabilities for developers.

While Okta is probably best known for its identity and access management products aimed at businesses’ internal use, the company also operates a developer platform aimed at helping app developers handle user identity. Kerrest said that the developer capabilities are a fast-growing part of Okta’s business, but that its functionality could use some help. That’s where this acquisition comes in.


Review: vArmour flips security on its head

Credit to Author: John Breeden II| Date: Mon, 06 Mar 2017 04:45:00 -0800

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.

(Insider Story)


Would killing Bitcoin end ransomware?

Credit to Author: Ryan Francis| Date: Fri, 03 Mar 2017 12:51:00 -0800

Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.

(Insider Story)


HackerOne offers bug bounty service for free to open-source projects

Credit to Author: Lucian Constantin| Date: Fri, 03 Mar 2017 12:41:00 -0800

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

“Here at HackerOne, open source runs through our veins,” the company’s representatives said in a blog post. “Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back.”

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.


Fileless PowerShell malware uses DNS as covert channel

Credit to Author: Lucian Constantin| Date: Fri, 03 Mar 2017 09:20:00 -0800

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.

The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.

When opened, the file masquerades as a “protected document” secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the ‘enable content’ button in order to view the document’s content, but doing so will actually execute malicious scripting embedded within.
