Customers roast Microsoft over security bulletins' demise

Credit to Author: Gregg Keizer| Date: Mon, 24 Apr 2017 11:49:00 -0700

When Microsoft asked customers last week for feedback on the portal that just replaced the decades-long practice of delivering detailed security bulletins, it got an earful from unhappy users.

“Hate hate hate the new security bulletin format. HATE,” emphasized Janelle 322 in a support forum where Microsoft urged customers to post thoughts on the change. “I now have to manually transcribe this information to my spreadsheet to disseminate to my customers. You have just added 8 hours to my workload. Thanks for nothing.”

Email-based attacks exploit unpatched vulnerability in Microsoft Word

Credit to Author: Lucian Constantin| Date: Mon, 10 Apr 2017 08:08:00 -0700

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

The first report about the attacks came Friday from antivirus vendor McAfee after the company’s researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects “all Microsoft Office versions, including the latest Office 2016 running on Windows 10.”

The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.


How much are vendor security assurances worth after the CIA leaks?

Credit to Author: Lucian Constantin| Date: Mon, 13 Mar 2017 08:40:00 -0700

Following the recent revelations about the U.S. Central Intelligence Agency’s cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency’s leaked documents have been fixed.

While these assurances are understandable from a public relations perspective, they don’t really change anything, especially for companies and users that are the target of state-sponsored hackers. The software they use is not less safe, nor better protected, than it was before WikiLeaks published the 8,700-plus CIA documents last Tuesday.

CA to acquire security testing firm Veracode for $614M

Credit to Author: John Ribeiro| Date: Tue, 07 Mar 2017 03:58:00 -0800

CA Technologies is acquiring application security testing company Veracode for $614 million in cash, in a bid to broaden its development and testing offering for enterprises and app developers.

The acquisition is expected to be completed by the second quarter of this year.

Privately held Veracode has offices in Burlington, Mass. and London, and employs over 500 people worldwide. The company has around 1,400 small and large customers.

Offering a software-as-a-service platform, Veracode is focused on technologies that let developers improve the security of applications from inception through production.

“Embedding security into the software development lifecycle and making it an automated part of the continuous delivery process means that developers can write code without the hassles of a manual and fragmented approach to security,” CA president and chief product officer Ayman Sayed wrote in a blog post.

Pence used private mail for state work as governor; account was hacked

Credit to Author: John Ribeiro| Date: Fri, 03 Mar 2017 03:06:00 -0800

U.S. Vice President Mike Pence reportedly used a private email account to transact state business when he was governor of Indiana, and his AOL account was hacked once, according to a news report.

Emails released to the Indianapolis Star following a public records request are said to show that Pence used his personal AOL account to communicate with his top advisers on issues ranging from security gates at the governor’s residence to the state’s response to terror attacks across the globe.

A hacker seems to have got access to his email account in June, and sent a fake mail to people on the former governor’s contact list, claiming that Pence and his wife had been attacked on their way back to their hotel in the Philippines, according to the report. Pence subsequently changed his AOL account.

Slack bug paved the way for a hack that can steal user access

Credit to Author: Michael Kan| Date: Thu, 02 Mar 2017 12:36:00 -0800

One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts.

Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser.

“Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email.

postMessage is a browser API that lets separate browser windows (or frames) send messages to each other; its safe use depends on the receiving side checking where each message came from. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.

Malware distributors switch to less suspicious file types

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.

Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.

PowerShell is a scripting language for automating Windows system administration tasks. It has been abused to download malware in the past and there are even malware programs written entirely in PowerShell.
