Independent – Page 103 – Computer Security Articles

Credit to Author: Preston Gralla| Date: Thu, 09 Jan 2020 10:18:00 -0800

When Iran launches cyberattacks in revenge for the killing of Major Gen. Qasem Soleimani — which it almost certainly will do — the attack vector, as always, will be Windows. And when that happens, your PC and your business’s PCs will be right in the crosshairs. Here’s why — and how you can protect your machines and your business.

A long history of U.S.-Iranian cyberwarfare

To understand the coming cyberattacks, it’s useful to look back. For more than a decade, the U.S. and Iran have engaged in low-level cyberwarfare, with occasional bursts of higher-level attacks. The most destructive of them was Stuxnet, launched in 2009 by the U.S. and Israel against Iran’s nuclear program. It exploited four zero-day flaws in Windows machines, which controlled the centrifuges Iran used to create nuclear material that can be used in nuclear weapons.

To read this article in full, please click here

ComputerWorld Independent

January 8, 2020 admin

Apple wants privacy laws to protect its users

Credit to Author: Jonny Evans| Date: Wed, 08 Jan 2020 06:54:00 -0800

Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know – and a bunch more personal information, too.

The snag with your device knowing all this information is that once the data is understood, that information can be shared or even used against you.

Information is power

Jane Horvath, Apple’s senior director for global privacy, appeared at CES 2020 this week to discuss the company’s approach to smartphone security. She stressed the company’s opposition to the creation of software backdoors into devices, and also said:

To read this article in full, please click here

ComputerWorld Independent

January 8, 2020 admin

Apple’s wants privacy laws to protect its users

Credit to Author: Jonny Evans| Date: Wed, 08 Jan 2020 06:54:00 -0800

Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know – and a bunch more personal information, too.

Information is power

The snag with your device knowing all this information is that once the data is understood than that information can be shared or even used against you.

Jane Horvath, Apple’s senior director for global privacy, appeared at CES 2012 to discuss the company’s approach to smartphone security.

To read this article in full, please click here

ComputerWorld Independent

January 8, 2020 admin

How to fix insecure LDAP binds

Prevent Windows admin credentials from being exposed in cleartext with this tip.

Independent Krebs

January 7, 2020 admin

Tricky Phish Angles for Persistence, Not Passwords

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2020 21:35:40 +0000

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

ComputerWorld Independent

January 7, 2020 admin

FAQ: Last-minute answers about Windows 7's post-retirement patches

Credit to Author: Gregg Keizer| Date: Tue, 07 Jan 2020 04:53:00 -0800

A week from now, Microsoft will serve customers with the last for-free Windows 7 security update, in effect retiring the 2009 operating system.

However, hundreds of millions of personal computers will still power up thanks to Windows 7 on Jan. 14, and for an indeterminate timespan after that date. Windows 7 may be retiring, but it’s not disappearing.

Microsoft admitted as much more than a year ago when it announced Extended Security Updates (ESU), a program for commercial customers who needed more time to ditch Windows 7. ESU would provide patches for some security vulnerabilities for as long as three years. For a fee.

To read this article in full, please click here

(Insider Story)

Independent Krebs

January 6, 2020 admin

The Hidden Cost of Ransomware: Wholesale Password Theft

Credit to Author: BrianKrebs| Date: Mon, 06 Jan 2020 18:17:21 +0000

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.

ComputerWorld Independent

January 6, 2020 admin

Microsoft Patch Alert: December patches hang Win7 Pro endpoints and force Server 2012 reboots

Credit to Author: Woody Leonhard| Date: Mon, 06 Jan 2020 09:55:00 -0800

It was the kind of month admins dread: Mysterious problems on hundreds of machines, with no apparent cause or cure. Toss in the holidays, and we had a whole lot of Mr. and Ms. Grinches in the industry.

Fortunately, it looks like the problems have been sorted out at this point. Individual users had many fewer problems. Microsoft’s left and right hands still aren’t talking on the 1909 team, but what else is new…

Win7 hang on ‘Preparing to configure Windows’

Microsoft dropped a new Servicing Stack Update for Windows 7 on Dec. 10, and it gummed up the works for many. Here’s a good summary on Reddit from poster Djaesthetic:

To read this article in full, please click here