RSS Reader for Computer Security Articles
Credit to Author: Brian Barrett| Date: Sun, 12 Mar 2017 12:00:44 +0000
The simplest thing you can do to make yourself just a little bit safer: Keep your firmware up to date. The post How to Update All Your Gear (For Safety!) appeared first on WIRED.
Read MoreCredit to Author: Brian Barrett| Date: Sun, 12 Mar 2017 12:00:44 +0000
The simplest thing you can do to make yourself just a little bit safer: Keep your firmware up to date. The post The Easiest Way To Protect Your Devices From Hacks? Keep Them Updated appeared first on WIRED.
Read More
Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 04:29:00 -0800
Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.
On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.
WikiLeaks has redacted the source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump — if real — still exposes some of the techniques that the CIA has allegedly been using.
To read this article in full or to leave a comment, please click here
Credit to Author: Lucian Constantin| Date: Tue, 07 Mar 2017 08:37:00 -0800
A five-month-old flaw in Android’s SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.
The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.
One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google’s newer BoringSSL library, which is based on OpenSSL. What’s interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.
To read this article in full or to leave a comment, please click here
Credit to Author: Nathan Collier| Date: Mon, 06 Mar 2017 16:00:28 +0000
 | |
| A lite version of the popular mobile app Facebook has been infected with Android/Trojan.Spy.FakePlay. Categories: Tags: AndroidfacebookFacebook LiteGoogleMobilemobile menace mondaytriple mtrojan |
The post Mobile Menace Monday: Facebook Lite infected with Spy FakePlay appeared first on Malwarebytes Labs.
Read More
Credit to Author: Michael Kan| Date: Wed, 01 Mar 2017 13:59:00 -0800
More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.
The 132 apps were found generating hidden iframes, or an HTML document embedded inside a webpage, linking to two domains that have hosted malware, according to security firm Palo Alto Networks.
Google has already removed the apps from its Play store. But what’s interesting is the developers behind the apps probably aren’t to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post.
To read this article in full or to leave a comment, please click here
Credit to Author: Malwarebytes Labs| Date: Mon, 27 Feb 2017 21:00:23 +0000
 | |
| A compilation of notable security news and blog posts from the 20th of February to the 27th of February. This week, we look back at tech support scams, tax tips, updating your social media privacy settings, and more. Categories: Tags: AndroiddronesGooglemalwarepasswordsteamspyweekly round up |
The post A week in security (Feb 20th – Feb 27th) appeared first on Malwarebytes Labs.
Read More
Credit to Author: Peter Sayer| Date: Mon, 27 Feb 2017 10:31:00 -0800
It sounds like a smartphone user’s worst fear: Software that starts up before the phone’s operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface.
This is not some new kind of ransomware, though. This is the D4 Secure Platform from Cog Systems.
The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security.
It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.
To read this article in full or to leave a comment, please click here