ComputerWorld

ComputerWorldIndependent

U.S. surveillance law may see no new protections for foreign targets

Credit to Author: Grant Gross| Date: Wed, 01 Mar 2017 12:05:00 -0800

Any reform of a controversial U.S. law allowing the National Security Agency to spy on people overseas will likely focus on its impact on U.S. residents, without curbing its use elsewhere.

Section 702 of the Foreign Intelligence Surveillance Act (FISA) expires on Dec. 31, and some digital rights groups are calling on Congress to overhaul the law to protect the privacy of residents of both the U.S. and other countries. Congress will almost certainly extend the provision in some form. 

But a congressional hearing on Wednesday focused largely on the NSA’s “inadvertent” collection of U.S. residents’ data, with little time given to the privacy concerns of people overseas.

Robots are just as plagued by security vulnerabilities as IoT devices

Credit to Author: Lucian Constantin| Date: Wed, 01 Mar 2017 08:29:00 -0800

An analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic weaknesses that are common in IoT devices, raising questions about security implications for human safety.

The robotics industry has already seen significant growth in recent years, and that growth will only accelerate. Robots are expected to serve in many roles, from assisting people in homes, stores and medical facilities, to manufacturing in factories and even handling security and law enforcement tasks.

“When you think of robots as computers with arms, legs or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before,” researchers from cybersecurity consultancy firm IOActive said in a new report.

Dridex: First banking Trojan with AtomBombing to better evade detection

Credit to Author: Darlene Storm| Date: Wed, 01 Mar 2017 07:38:00 -0800

The Dridex Trojan, one of the most destructive banking Trojans, has been upgraded with a new injection method so the malware is even better at evading detection.

The newest version of Dridex, v4, is now the first banking Trojan to take advantage of AtomBombing, according to a report by IBM X-Force. Unlike some of the more common code injection techniques, AtomBombing is meant to evade security solutions. Once one organized cybercrime gang successfully pulls off a slick trick, other cyber thugs are expected to adopt the method.

“In this release,” the researchers wrote, “we noted that special attention was given to dodging antivirus (AV) products and hindering research by adopting a series of enhanced anti-research and anti-AV capabilities.”

This tool can help you discover Cisco Smart Install protocol abuse

Credit to Author: Lucian Constantin| Date: Tue, 28 Feb 2017 09:01:00 -0800

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco’s Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.

The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).

The director can copy the client’s startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

A better security strategy than ‘know your enemy’: Know your co-workers

Credit to Author: Evan Schuman| Date: Tue, 28 Feb 2017 08:51:00 -0800

Cyberthieves today know that it’s better to be sneaky and crafty than forceful. To be even more blunt, they know that it’s better to trick you into doing their work than to break in and do it themselves.

That trickery starts with ever-more-subtle ways to get you to click on an email attachment. A recent attack used an employee accomplice who was to flag any meetings with multiple people and note who was presenting. Within 30 minutes of one meeting’s end, the crooks sent an email attachment to everyone on the original email thread, with fake headers so that it appeared to be from the presenter. The email said, “Sorry, everyone. Here is the updated version of the slides from our 2 PM meeting.” Even an especially security-conscious person could get pulled into clicking on that one. 

Here’s a new way to prevent cyberattacks on home devices

Credit to Author: Matt Hamblen| Date: Tue, 28 Feb 2017 05:57:00 -0800

BARCELONA — Homeowners worried about cybersecurity attacks on IP-connected devices like lights, baby monitors, home security systems and cameras, will soon be able to take advantage of a $200 network monitoring device called Dojo.

The device was shown at Mobile World Congress here this week and will go on sale online in April. While the Dojo device isn’t intended to provide enterprise-level security, it could be used to help, in a small way, in warding off massive attacks like the one that used the Mirai botnet, which took advantage of unsecured, consumer-grade cameras and other devices last October.

This tiny chip could revolutionize smartphone and IOT security

Credit to Author: Martyn Williams| Date: Tue, 28 Feb 2017 04:43:00 -0800

Engineers at South Korea’s SK Telecom have developed a tiny chip that could help secure communications on a myriad of portable electronics and IOT devices.

The chip is just 5 millimeters square — smaller than a fingernail — and can generate mathematically provable random numbers. Such numbers are the basis for highly-secure encryption systems and producing them in such a small package hasn’t been possible until now.

The chip, on show at this week’s Mobile World Congress in Barcelona, could be in sample production as early as March this year and will cost a few dollars once in commercial production, said Sean Kwak, director at SK Telecom’s quantum technology lab.

Smart teddy bears involved in a contentious data breach

Credit to Author: Michael Kan| Date: Tue, 28 Feb 2017 05:09:00 -0800

If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys — which can receive and send voice messages from children and parents — have been involved in a data breach involving more than 800,000 user accounts.

The breach, which grabbed headlines on Monday, is raising concerns from security researchers because it may have given hackers access to voice recordings from the toy’s customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. 

“Were voice recordings stolen? Absolutely not,” said Mark Myers, CEO of the company.

Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post.
