Sunday, May 3, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld

ComputerWorldIndependent
admin

Pence used private mail for state work as governor; account was hacked

Credit to Author: John Ribeiro| Date: Fri, 03 Mar 2017 03:06:00 -0800

U.S. Vice President Mike Pence reportedly used a private email account to transact state business when he was governor of Indiana, and his AOL account was hacked once, according to a news report.

Emails released to the Indianapolis Star following a public records request are said to show that Pence used his personal AOL account to communicate with his top advisers on issues ranging from security gates at the governor’s residence to the state’s response to terror attacks across the globe.

A hacker seems to have got access to his email account in June, and sent a fake mail to people on the former governor’s contact list, claiming that Pence and his wife had been attacked on their way back to their hotel in the Philippines, according to the report. Pence subsequently changed his AOL account.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Slack bug paved the way for a hack that can steal user access

Credit to Author: Michael Kan| Date: Thu, 02 Mar 2017 12:36:00 -0800

One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts.

Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser.

“Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email.  

PostMessage is a kind of command that can let separate browser windows communicate with each other. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Free decryption tools now available for Dharma ransomware

Credit to Author: Lucian Constantin| Date: Thu, 02 Mar 2017 12:24:00 -0800

Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.

Dharma first appeared in November and is based on an older ransomware program known as Crysis. It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Chrome for MacOS to block rogue ad injections and settings changes

Credit to Author: Lucian Constantin| Date: Thu, 02 Mar 2017 07:46:00 -0800

Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser’s home page and search settings.

The Safe Browsing service is used by Google’s search engine, as well as by Google Chrome and Mozilla Firefox, to block users from accessing websites that host malicious code or malicious software. Chrome also uses the service to scan downloaded files and to block users from executing those that are flagged as malicious.

“Safe Browsing is broadening its protection of macOS devices, enabling safer browsing experiences by improving defenses against unwanted software and malware targeting macOS,” Google said in a blog post Wednesday. “As a result, macOS users may start seeing more warnings when they navigate to dangerous sites or download dangerous files.”

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

FCC halts data security rules

Credit to Author: John Ribeiro| Date: Thu, 02 Mar 2017 03:59:00 -0800

The U.S. Federal Communications Commission has halted new rules that would require high-speed internet providers to take ‘reasonable’ steps to protect customer data.

In a 2-1 vote that went along party lines, the FCC voted Wednesday to stay temporarily one part of privacy rules passed in October that would give consumers the right to decide how their data is used and shared by broadband providers.

The rules include the requirement that internet service providers should obtain “opt-in” consent from consumers to use and share sensitive information such as geolocation and web browsing history, and also give customers the option to opt out from the sharing of non-sensitive information such as email addresses or service tier information.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Yahoo execs botched response to 2014 breach, investigation finds

Credit to Author: Michael Kan| Date: Thu, 02 Mar 2017 03:42:00 -0800

If your company has experienced a data breach, it’s probably a good idea to thoroughly investigate it promptly.

Unfortunately, Yahoo didn’t, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, knew an intrusion had occurred back in 2014, but allegedly botched its response.

The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Old Windows malware may have infected 132 Android apps

Credit to Author: Michael Kan| Date: Wed, 01 Mar 2017 13:59:00 -0800

More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.

The 132 apps were found generating hidden iframes, or an HTML document embedded inside a webpage, linking to two domains that have hosted malware, according to security firm Palo Alto Networks.

Google has already removed the apps from its Play store. But what’s interesting is the developers behind the apps probably aren’t to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post.

To read this article in full or to leave a comment, please click here

Read More