Independent

Independent, Krebs

LifeLock Bug Exposed Millions of Customer Email Addresses

Credit to Author: Brian Krebs| Date: Wed, 25 Jul 2018 22:20:46 +0000

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its Web site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. Of course, phishers could spam the entire world looking for LifeLock customers without the aid of this flaw, but nevertheless the design of the company’s site suggests that whoever put it together lacked a basic understanding of Web site authentication and security.

ComputerWorld, Independent

The MacBook Pro’s T2 chip boosts enterprise security

Credit to Author: Jonny Evans| Date: Mon, 23 Jul 2018 06:51:00 -0700

You may have missed an all-new enterprise-focused feature woven inside of Apple’s all-new MacBook Pro – its new T2 chip which fundamentally enhances the security of these computers.

What is the T2 chip?

The successor to the T1, Apple’s T2 chip enables secure boot and encrypted storage on the machine. It first appeared on the iMac Pro.

What does the T2 chip do?

The most widely-reported task handled by the T2 chip is the provision of “Hey Siri” support for the first time on a Mac.

ComputerWorld, Independent

July Windows .Net patches appear, disappear, reappear, disappear again

Credit to Author: Woody Leonhard| Date: Mon, 23 Jul 2018 05:15:00 -0700

Microsoft’s July 2018 series of patching missteps, with .Net security patches in particular, has left many admins in the lurch. Less than two weeks after they were first unleashed, poorly documented versions of the patches now appear to be available, but are not being actively pushed. There’s no indication from Microsoft if and/or when they’ll be fixed.

These patches, originally released on Patch Tuesday, July 10, are baring their FAANGs:

  • KB 4340556 — Security and Quality Rollup updates for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1
  • KB 4340557 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
  • KB 4340558 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2
  • KB 4340559 — Security and Quality Rollup updates for .Net Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008

The patches had been out for less than a day when we started seeing error reports on AskWoody. As I noted on July 12:

ComputerWorld, Independent

Nice to know our financial world is in safe hands

Credit to Author: Sharky| Date: Mon, 23 Jul 2018 03:00:00 -0700

This company is the target of a spear-phishing attack, but it doesn’t actually get very far, according to an IT pilot fish working there.

“It was the typical ‘CEO is out of the office and needs a wire transfer done right away’ message,” fish says.

“Our people are pretty good at spotting phishing attempts, and our administrative assistant was immediately suspicious because we do wire transfers approximately never. She strung the guy along over multiple emails and got all the transfer information — amount, routing number, account number and so on.
