Independent – Page 172 – Computer Security Articles

Credit to Author: Sharky| Date: Mon, 10 Sep 2018 03:00:00 -0700

IT contractor has a project to upgrade some software for a client — and the project is way behind schedule, says a pilot fish on the client side.

And why is that such a problem? “The existing product goes End-of-Life soon, at which time it will no longer be an approved product for us,” fish explains.

“The contractor’s people come in and pitch their schedule to upper management. In the briefing, they bring up the fact that the new product is not even approved to be on our highly secured network, and they have not even started on getting it approved.

“Essentially, if they have to get it approved, they can never get it deployed on time.

To read this article in full, please click here

Independent Krebs

September 6, 2018 admin

Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats

Credit to Author: BrianKrebs| Date: Thu, 06 Sep 2018 15:51:13 +0000

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

ComputerWorld Independent

September 6, 2018 admin

Throwback Thursday: Well, trial and error IS a mechanism

Credit to Author: Sharky| Date: Thu, 06 Sep 2018 03:00:00 -0700

New regulations go into effect requiring more physical and electronic security at this health insurance company, so the company hires a chief security officer to oversee the efforts, says a pilot fish there.

“I was involved in the original security implementation on most of the systems and offered to help, but the new CSO refused our input,” fish says. “He put keycard access on the computer room and UPS room and confiscated any physical keys he could find.

“When asked what would happen if the keycard system went down, he responded that ‘mechanisms are in place,'” fish recalls.

Soon, only three people have physical keys: the CSO, chief financial officer and facilities manager.

To read this article in full, please click here

Independent Krebs

September 5, 2018 admin

Browser Extensions: Are They Worth the Risk?

Credit to Author: BrianKrebs| Date: Wed, 05 Sep 2018 22:55:08 +0000

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or actively maintained by developers.

ComputerWorld Independent

September 5, 2018 admin

Get caught up on your July and August Windows/Office patches

Credit to Author: Woody Leonhard| Date: Wed, 05 Sep 2018 12:29:00 -0700

With the arrival of “Fourth Week” patches on the last working day of August, and having had a few days to vet them, it looks as if we’re ready to release the cracklin’ Kraken.

The steaming pile of Windows Intel microcode patches

Microsoft continues to unleash microcode patches for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n >=4). You won’t get stung by any of them, unless you specifically go looking for trouble.

To read this article in full, please click here

Independent Krebs

September 4, 2018 admin

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Credit to Author: BrianKrebs| Date: Tue, 04 Sep 2018 17:22:41 +0000

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware. Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Independent Krebs

September 2, 2018 admin

Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted

Credit to Author: BrianKrebs| Date: Mon, 03 Sep 2018 02:31:35 +0000

A 20-year-old from Vancouver, Washington was indicted last week on federal hacking charges and for allegedly operating the “Satori” botnet, a malware strain unleashed last year that infected hundreds of thousands of wireless routers and other “Internet of Things” (IoT) devices. This outcome is hardly surprising given that the accused’s alleged alter ego has been relentless in seeking media attention for this global crime machine.

ComputerWorld Independent

August 31, 2018 admin

VirusTotal Intelligence, a search engine for malware | Salted Hash Ep 45

In this episode, host Steve Ragan talks with Karl Hiramoto, technical solutions consultant for VirusTotal, maker of VirusTotal Intelligence, a searchable detection tool for malware.