Independent – Page 175 – Computer Security Articles

Credit to Author: SSD / Ori Nimron| Date: Mon, 20 Aug 2018 06:00:52 +0000

Vulnerability Summary VirtualBox has a built-in RDP server which provides access to a guest machine. While the RDP client sees the guest OS, the RDP server runs on the host OS. Therefore, to view the guest OS the RDP client will make a connection to the host OS IP address rather than the guest OS … Continue reading SSD Advisory – VirtualBox VRDP Guest-to-Host Escape

Independent Krebs

August 17, 2018 admin

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Credit to Author: BrianKrebs| Date: Fri, 17 Aug 2018 19:27:10 +0000

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

ComputerWorld Independent

August 17, 2018 admin

2 undocumented patches from Microsoft may solve the 1803 TLS 1.2 blocking problem

Credit to Author: Woody Leonhard| Date: Fri, 17 Aug 2018 09:42:00 -0700

Microsoft’s KB 4458166, released on Tuesday, explains that the push to Win10 version 1803 has been halted for machines running .Net applications that use the TLS 1.2 security protocol. Presumably, effective Tuesday, if you have a Win10 1709 or 1703 machine that’s running one of those programs (including, notably, QuickBooks Desktop), Microsoft won’t try to push 1803 on it.

To read this article in full, please click here

ComputerWorld Independent

August 17, 2018 admin

IBM, Maersk launch blockchain-based shipping platform with 94 early adopters

Credit to Author: Lucas Mearian| Date: Fri, 17 Aug 2018 08:51:00 -0700

After launching a proof of concept earlier this year, IBM and Maersk have unveiled TradeLens, the production version of an electronic ledger for tracking global shipments; the companies say they have 94 participants piloting the system, including more than 20 port and terminal operators.

The jointly developed electronic shipping ledger records details of cargo shipments as they leave their origin, arrive in ports, are shipped overseas and eventually received.

To read this article in full, please click here

Independent Krebs

August 16, 2018 admin

Hanging Up on Mobile in the Name of Security

Credit to Author: BrianKrebs| Date: Thu, 16 Aug 2018 17:01:36 +0000

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

ComputerWorld Independent

August 16, 2018 admin

Throwback Thursday: How did…er, DIDN'T he do that?

Credit to Author: Sharky| Date: Thu, 16 Aug 2018 03:00:00 -0700

It’s 1977, and this network analyst pilot fish is working at a newly constructed data center — one with a big fence.

“The company had just gotten a new sense of needing physical security, so they had included a new, state-of-the-art security system,” says fish.

“It had electronic locks at a handful of doors in the building, a 10-foot-high fence with a motorized gate, and key-card reader stations by each of the locked doors and the gate.”

One day, company needs to bring a new communications line up between the data center and an office 10 miles away. Fish’s team leader decides the best way to do this without disrupting the users is to have fish go to the remote office at 4:30 a.m., while his team leader goes to the data center.

To read this article in full, please click here

Independent Securiteam

August 15, 2018 admin

SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

Credit to Author: SSD / Ori Nimron| Date: Wed, 15 Aug 2018 05:26:28 +0000

Vulnerability Summary UAF vulnerability in Linux Kernel’s implementation of AF_PACKET leads to privilege escalation. AF_PACKET sockets allow users to send or receive packets on the device driver level, which lets them implement their own protocol on top of the physical layer or sniffing packets including Ethernet and higher levels protocol and higher levels of the … Continue reading SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)

ComputerWorld Independent

August 15, 2018 admin

Patch Tuesday fallout: Bad docs, but so far no major problems

Credit to Author: Woody Leonhard| Date: Wed, 15 Aug 2018 08:46:00 -0700

Microsoft may have fixed July’s horrible, no good, very bad patches. Although the initial documentation for this month’s patches included warnings about many of the bugs that persisted from July, it ends up that the docs were wrong, and most of the known problems seem to be fixed.

As of early Reboot Wednesday morning, the patches seem to be behaving themselves. Of course, it frequently takes days or even weeks for bugs to appear, so you’d be well advised to avoid jumping into the unpaid battle zone for now.

To read this article in full, please click here