ComputerWorld

ComputerWorldIndependent

Hard-to-detect fileless attacks target banks, other organizations

A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder.

Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization’s Windows domain controller.

Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistence on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.

IDG Contributor Network: Rapid7 demystifies penetration testing

In a surprisingly detailed 20+ page report titled “UNDER THE HOODIE: Actionable Research from Penetration Testing Engagements”, Rapid7 – provider of tools such as Metasploit and Nexpose – is sharing some very interesting insights into the choices being made by companies in their penetration testing and what the testers are uncovering. Released just moments ago, this research report provides details on:

  • how much organizations budget for pen testing engagements;
  • what information organizations are most interested in protecting, despite the recent uptick in online industrial espionage;
  • what percentage of sites are free of exploitable vulnerabilities;
  • the easiest ways for attackers to execute their attacks; and
  • how often pen tests successfully identify and exploit software vulnerabilities.

The statistics provided will likely help many companies refine or initiate their own penetration testing. The findings are based on 128 penetration tests that the company conducted in Q4 of 2016. They reveal many interesting and some surprising details on testing choices such as:

'Invisible' memory-based malware hit over 140 banks, telecoms and government agencies

Cybercriminals have hit more than 40 countries with hidden malware that steals passwords and financial data. The malware is not found on hard drives as it hides in the memory of compromised computers, making it almost “invisible” as criminals exfiltrate system administrators’ credentials and other sensitive data. When a targeted machine is rebooted, nearly all traces of the malware disappear.

Over 140 enterprise networks – banks, government organizations and telecommunication companies – from 40 countries have been hit, according to Kaspersky Lab. The cybercriminals are using methods and sophisticated malware previously used by nation-state attackers.

At Dulles, a security awareness success story

When Kjell Magne Bondevik, the former prime minister of Norway, was temporarily detained upon arriving at Dulles International Airport on Jan. 31, international controversy ensued.

The controversy was purely political, and while I do not support the executive order stopping people from seven countries from entering the U.S., Bondevik’s detention had nothing to do with that issue. Instead, he was detained for additional questioning under a 2015 law that requires people who visited any of the seven countries in question to obtain a visa prior to entering the U.S., even if they are from a country that does not normally require a visa for entrance to the U.S. The law was put in place in the aftermath of the Paris attacks. Whether or not the law is just is not relevant to this discussion.

Mac malware, possibly made in Iran, targets U.S. defense industry

Just because you’re using a Mac doesn’t mean you’re safe from hackers. That’s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U.S. defense industry.

The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace company United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats.

The fake site was previously used in a spear-phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.

Polish banks on alert after mystery malware found on computers

The discovery of malware on computers and servers of several Polish banks has put the country’s financial sector on alert over potential compromises.

Polish media reported last week that the IT security teams at many Polish banks have been busy recently searching their systems for a particular strain of malware after several unnamed banks found it on their computers.

It’s not clear what the malware’s end goal is, but in at least one case it was used to exfiltrate data from a bank’s computer to an external server. The nature of the stolen information could not be immediately determined because it was encrypted, Polish IT news blog Zaufana Trzecia Strona reported Friday.

Ransomware soars in 2016, while malware declines

A global cyberthreat report released Tuesday found that 2016 was a mixed bag: malware was down slightly, but ransomware attacks soared, up 167 times the number recorded in 2015.

In addition to that huge increase in ransomware, 2016 saw a new line of cybercrime from a large-scale DDoS attack through internet of things devices. The principal case occurred in October when the Mirai botnet attacked unprotected IoT devices, such as internet-ready cameras, resulting in a DDoS attack on Dyn servers.

The 2016 report, by cybersecurity company SonicWall, looked at data from daily network feeds sent from more than 1 million sensors in nearly 200 countries.

Dozens of iOS apps fail to secure users' data, vendor says

Dozens of iOS apps that are supposed to be encrypting their users’ data don’t do it properly, according to a security vendor.

Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data.

The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post.

TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.
