Sunday, March 22, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

ComputerWorldIndependent
admin

Throwback Thursday: Pick a card, any card …

Credit to Author: Sharky| Date: Thu, 07 Feb 2019 03:00:00 -0800

This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

“An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers,” fish says. “He sent out emails bragging about how insecure NT was and giving the NT team a hard time.”

Fish isn’t on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it’s all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.

To read this article in full, please click here

Read More
IndependentKrebs
admin

More Alleged SIM Swappers Face Justice

Credit to Author: BrianKrebs| Date: Wed, 06 Feb 2019 05:50:07 +0000

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit. According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or bribing representatives at the major wireless providers into giving them control over phone numbers belonging to people they later targeted for extortion and theft.

Read More
IndependentKrebs
admin

Crooks Continue to Exploit GoDaddy Hole

Credit to Author: BrianKrebs| Date: Mon, 04 Feb 2019 19:12:25 +0000

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

Read More
ComputerWorldIndependent
admin

The January Windows and Office patches are good to go

Credit to Author: Woody Leonhard| Date: Fri, 01 Feb 2019 09:15:00 -0800

Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.

We’ve seen a few more problems raise their ugly heads in the past few days:

  • Microsoft has confirmed that the latest version of Office Click-to-Run (which you’re likely using if you have Office 365) makes the conversation window disappear in Skype for Business 2016.
  • The Windows 8.1 Monthly Rollup, KB 4480963, breaks the Live Migration feature on older AMD Opteron machines. We’re still waiting for confirmation on that one.
  • Citrix confirms (but Microsoft hasn’t acknowledged) that the latest Win10 1803 cumulative update, KB 4480976, causes page file problems when the page file isn’t sitting on C:. More details on Tenforums.

Those are typical Microsoft edge-use bugs: They don’t affect many people, but if you’re one of the stuckees, you’re up the ol’ creek.

To read this article in full, please click here

Read More
IndependentKrebs
admin

250 Webstresser Users to Face Legal Action

Credit to Author: BrianKrebs| Date: Fri, 01 Feb 2019 13:43:59 +0000

More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency. In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.

Read More
ComputerWorldIndependent
admin

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs

Credit to Author: Woody Leonhard| Date: Wed, 30 Jan 2019 09:12:00 -0800

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

It's a hack!

Credit to Author: Sharky| Date: Wed, 30 Jan 2019 03:00:00 -0800

It’s a few years after Y2K, and this pilot fish has overall responsibility for all things related to his company’s website.

“Like most corporations, our company had a policy that computers and laptops were to be used only for company business, along with policies governing the appropriate use of the internet in the work environment,” fish says.

“After arriving at work one morning, I opened my email to find a frantic message from our CEO to me and our internet security manager, stating that our website had been hacked.”

The big boss knows this is the case because there are spammy images and text on the home page, among other issues. Not surprisingly, the CEO is adamant that this must be resolved ASAP.

To read this article in full, please click here

Read More