Independent

IndependentKrebs

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Credit to Author: BrianKrebs | Date: Fri, 03 Aug 2018 15:48:53 +0000

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.

ComputerWorldIndependent

Windows updaters express frustrations. Microsoft responds.

Credit to Author: Woody Leonhard | Date: Fri, 03 Aug 2018 08:56:00 -0700

No doubt you recall patching guru Susan Bradley’s open letter to Microsoft brass, summarizing the results of her Windows update survey. The results were quite damning in many ways, with complaints about the quality and frequency of patches topping the list.

Microsoft has responded to the open letter in a rather roundabout way. Two days after Computerworld posted the open letter, Bradley received an email that says:

IndependentSecuriteam

SSD Advisory – Infiniband Linux Driver UAF

Credit to Author: SSD / Ori Nimron | Date: Thu, 02 Aug 2018 12:10:25 +0000

Vulnerability Summary: A bug in the thread synchronization of the Infiniband driver can cause a use-after-free. A struct that is allocated and freed by one thread is accessible through a second thread. If the second thread calls the function “idr_find” before the struct is freed by the first thread, then it can still …

IndependentKrebs

The Year Targeted Phishing Went Mainstream

Credit to Author: BrianKrebs | Date: Thu, 02 Aug 2018 15:11:45 +0000

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.

IndependentKrebs

Reddit Breach Highlights Limits of SMS-Based Authentication

Credit to Author: BrianKrebs | Date: Thu, 02 Aug 2018 00:55:17 +0000

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

ComputerWorldIndependent

Brush up on your IT skills with this comprehensive CompTIA training bundle

Credit to Author: DealPost Team | Date: Wed, 01 Aug 2018 10:27:00 -0700

Whether you’re a veteran Cloud professional with numerous IT certifications, or you’ve just started your career after earning an A+, it’s always in your best interest to stay up-to-date with the fundamentals. The Complete 2018 CompTIA Certification Training Bundle includes 12 courses covering several CompTIA exams, so you can stay sharp and potentially add another notch to your belt of IT certifications. It’s available on sale today for $59.

ComputerWorldIndependent

Apple users ‘most appealing’ to cybercriminals’ online scams

Credit to Author: Jonny Evans | Date: Wed, 01 Aug 2018 06:17:00 -0700

Apple’s platforms may be the most secure, but this is driving cybercriminals to more devious ways to undermine iOS and Mac security — partly because hacked Apple user credentials are among the most valuable properties you’ll find on the so-called dark web.

A complex crime

There is no doubt at all that Apple is growing in the enterprise, which is why every iOS or macOS user needs to understand that the new cyber threats aren’t confined to annoying viruses, trojans, or malware attacks.

Enterprise security chiefs are becoming increasingly aware that network, device, location-based, and user security must also be seen as part of the mix. Platform security is only one element to an overall security picture.
