Independent

IndependentKrebs

Takeaways from the $566M BriansClub Breach

Credit to Author: BrianKrebs| Date: Tue, 29 Oct 2019 21:47:58 +0000

Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people.

ComputerWorldIndependent

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

Credit to Author: Woody Leonhard| Date: Tue, 29 Oct 2019 12:18:00 -0700

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

ComputerWorldIndependent

Memory-Lane Monday: Please tell me his name wasn’t Jones

Credit to Author: Sharky| Date: Mon, 28 Oct 2019 03:00:00 -0700

Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, “I’m going to reset your password to your last name, with the first letter capitalized.”

Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.’

“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

“Surreal doesn’t even begin to describe how this felt!”

ComputerWorldIndependent

Name game

Credit to Author: Sharky| Date: Fri, 25 Oct 2019 03:00:00 -0700

This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.

IndependentKrebs

Cachet Financial Reeling from MyPayrollHR Fraud

Credit to Author: BrianKrebs| Date: Fri, 25 Oct 2019 00:50:44 +0000

When NY-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payments processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.
