Independent

Independent / Securiteam

SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free

Credit to Author: SSD / Ori Nimron | Date: Mon, 29 Oct 2018 09:23:16 +0000

Vulnerabilities Summary: The vulnerability exists in the AppCache subsystem in Chrome versions 69.0 and before. This code is located in the privileged browser process, outside of the sandbox. The renderer interacts with this subsystem by sending IPC messages from the renderer to the browser process. These messages can cause the browser to make network requests, …

Independent / Securiteam

SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

Credit to Author: SSD / Ori Nimron | Date: Mon, 29 Oct 2018 09:21:47 +0000

Vulnerabilities Summary: The following advisory discusses a vulnerability found in TurboFan, the JIT compiler. We can trigger the JavaScript code in a way that leads to a type confusion that can be exploited in order to execute code remotely on Google Chrome versions 69.0 and before. Vendor Response: Vendor has fixed the issue in Google Chrome …

Independent / Krebs

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

Credit to Author: Brian Krebs | Date: Fri, 26 Oct 2018 20:36:21 +0000

The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater.

Independent / Krebs

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Credit to Author: Brian Krebs | Date: Thu, 25 Oct 2018 16:11:57 +0000

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, but in truth it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.

ComputerWorld / Independent

Well, do you trust 'em or don't you?

Credit to Author: Sharky | Date: Fri, 26 Oct 2018 03:00:00 -0700

Flashback a few decades to the days when this pilot fish is a supervisor in the call center for a big mail-order PC company.

“Our agents were privy to a customer’s credit card information right in the call tracking system,” says fish. “We trusted 600 agents with nearly unlimited access to this customer information without ever a single theft from our people.”

But the call center manager decides the operation needs a way to approve replacement parts to be shipped to customers.

That leads to a new process: When a call-center agent is sending a simple part — say, a new mouse or inexpensive sound card — the agent types in his badge number, then must turn his head to get his supervisor’s attention.

ComputerWorld / Independent

Apple appears to have blocked GrayKey iPhone hacking tool

Credit to Author: Lucas Mearian | Date: Thu, 25 Oct 2018 14:09:00 -0700

Apple has apparently been able to permanently block de-encryption technology from a mysterious Atlanta-based company whose blackbox device was embraced by government agencies to bypass iPhone passcodes.

Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.

The blackbox technology purportedly worked, as Grayshift’s technology was snapped up by regional law enforcement and won contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.

Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security tested the technology.

ComputerWorld / Independent

Win10 1803 big bug bash KB 4462933 joins earlier versions, a week late to the party

Credit to Author: Woody Leonhard | Date: Thu, 25 Oct 2018 06:45:00 -0700