Independent – Page 197 – Computer Security Articles

Credit to Author: Woody Leonhard| Date: Thu, 19 Apr 2018 08:11:00 -0700

Last week, Microsoft quietly re-released its buggy April Win7 Monthly Rollup patch, KB 4093118. You may recall the patch as a reaction to the Carnak the Magnificent situation we had with the original version of KB 4093118.

With the re-release earlier this week of the original Carnak patch, KB 4099950, it’s not clear to me what the recommended installation sequence might be. But this much I know for sure. People all over the internet are complaining that this new version of KB 4093118 installs itself over and over again.

To read this article in full, please click here

ComputerWorld Independent

April 19, 2018 admin

Is it time to kill the pen test? | Salted Hash Ep 22

Host Steve Ragan reports from the show floor at RSA 2018, talking with guest Adrian Sanabria, director of research at Savage Security, about de-emphasizing network penetration tests to put more focus on attack simulations and helping companies improve their defenses.

Independent Securiteam

April 18, 2018 admin

SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

Credit to Author: SSD / Noam Rathaus| Date: Wed, 18 Apr 2018 05:24:56 +0000

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of multiple Vigor devices from a single portal. VigorACS 2 is based on TR-069 … Continue reading SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

ComputerWorld Independent

April 18, 2018 admin

How to use a strong passcode to better secure your iPhone

Credit to Author: Lucas Mearian| Date: Wed, 18 Apr 2018 12:32:00 -0700

With police departments and federal agencies lining up to buy technology from two companies whose products can bypass iPhone security mechanisms, experts said users concerned about privacy should use a strong passcode to help prevent unwanted access to data.

That’s also true for enterprise users with iPhones that access potentially sensitive coporate data.

Simply put, complex passcodes are always better for security, according to Phil Hochmuth, IDC’s program director for enterprise mobility. Common best practices for creating a hard-to-crack passcode includes using both upper- and lower-case characters, numbers and uncommon words.

To read this article in full, please click here

Independent Krebs

April 18, 2018 admin

A Sobering Look at Fake Online Reviews

Credit to Author: BrianKrebs| Date: Wed, 18 Apr 2018 16:08:36 +0000

In 2016, KrebsOnSecurity exposed a network of phony Web sites and fake online reviews that funneled those seeking help for drug and alcohol addiction toward rehab centers that were secretly affiliated with the Church of Scientology. Not long after the story ran, that network of bogus reviews disappeared from the Web. Over the past few months, however, the same prolific purveyor of these phantom sites and reviews appears to be back at it again, enlisting the help of Internet users and paying people $25-$35 for each fake listing.

ComputerWorld Independent

April 18, 2018 admin

Patches for Win10 1703 and 1607, and a brain-twisting update to the Win7 IP bug fix

Credit to Author: Woody Leonhard| Date: Wed, 18 Apr 2018 06:32:00 -0700

Yesterday, the third Tuesday of the month, Microsoft dumped another big bucket of patches:

KB 4093117 brings Win10 1703 up to build 15063.1058, many miscellaneous fixes, no known issues.
KB 4093120 brings Win10 1607 to build 14393.2214, a similarly large bunch of fixes, no known issues.
KB 4093113 is the regular Monthly Rollup Preview for Win7.
KB 4093121 is the similar Monthly Rollup Preview for Win 8.1.
The Update Catalog says there’s a new version of KB 4099950, the abandoned patch for fixing the NIC/static IP bug in Win7.

There are lots of oddities in this motley collection.

To read this article in full, please click here

ComputerWorld Independent

April 17, 2018 admin

Before you panic: 6 things to remember about Android security

Credit to Author: JR Raphael| Date: Tue, 17 Apr 2018 09:04:00 -0700

Android security sure can seem like a scary subject.

And it’s no wonder: Every few weeks, we see some new hair-raising headline about how our phones are almost certain to be possessed by demons that’ll steal our data, eat our ice cream, and pinch our tenders when we least expect it.

This week, it’s a series of Android malware monsters known as “ViperRat” and “Desert Scorpion” that has phone-holders everywhere trembling in their bootsies. (Kudos to whoever came up with those spooky-sounding names, by the way. It’s an art!) Last week, it was word that Android device-makers might be skipping security updates that had our hands a-shakin’.

To read this article in full, please click here

Independent Krebs

April 16, 2018 admin

Deleted Facebook Cybercrime Groups Had 300,000 Members

Credit to Author: BrianKrebs| Date: Mon, 16 Apr 2018 22:38:32 +0000

Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform. The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools. The average age of these groups on Facebook’s platform was two years.