RSS Reader for Computer Security Articles
Credit to Author: Woody Leonhard| Date: Wed, 07 Nov 2018 16:08:00 -0800
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).
Credit to Author: BrianKrebs| Date: Wed, 07 Nov 2018 05:49:37 +0000
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked.
Read More
Credit to Author: SSD / Ori Nimron| Date: Sun, 04 Nov 2018 14:21:53 +0000
Vulnerability Summary The following advisory describes a vulnerability found in Symfony 3.4 – a PHP framework that is used to create websites and web applications. Built on top of the Symfony Components. Under certain conditions, the Symfony framework can be abused to trigger RCE in the HttpKernel (http-kernel) component, while forward() is considered by the … Continue reading SSD Advisory – Symfony Framework forward() Remote Code Execution
Read More
Credit to Author: BrianKrebs| Date: Sun, 04 Nov 2018 19:10:06 +0000
Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that is obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain.
Read More
Credit to Author: BrianKrebs| Date: Fri, 02 Nov 2018 15:03:31 +0000
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.
Read More
Credit to Author: BrianKrebs| Date: Thu, 01 Nov 2018 16:47:13 +0000
A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.
Read More
Credit to Author: Jonny Evans| Date: Thu, 01 Nov 2018 08:36:00 -0700
The usual suspects love to spend time claiming Siri lags other voice assistants in some ways, but they don’t seem to understand that Apple’s voice assistant is an enterprise product.
This is what happens when you use a voice search tool: You activate the assistant, it listens to what you say, identifies that a request is being made and sends that request to the cloud to be resolved and responded to.
This all happens pretty quickly and after a short delay your response arrives, or an action takes place.
Credit to Author: JR Raphael| Date: Tue, 30 Oct 2018 03:30:00 -0700
Google’s Smart Lock system for Chrome OS is one of those things that sounds spectacular on paper but then frequently falls flat in the real world.
You know about Smart Lock by now, right? It’s something Google created to turn your Android phone into a contact-free key for your Chromebook: Anytime the phone is close to the computer, Chrome OS will automatically detect its presence — and as long as the phone is unlocked, the laptop will let you skip the usual password prompt and hop right in with just a quick click on the sign-on screen.