Saturday, March 28, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

ComputerWorldIndependent
admin

Facebook's data debacle is a wake-up call for Android users

Credit to Author: JR Raphael| Date: Thu, 05 Apr 2018 09:06:00 -0700

Whew. This whole Facebook data mess sure is spiraling into quite the fiasco, isn’t it?

Seems every day lately, there’s some new shocking twist to how everyone’s personal data was used (and abused) without their knowledge. While much of the issue revolves around Facebook itself and practices that are out of our control, there’s an angle that ties in directly to Android — and it’s one that’s important to think through, whether you use Facebook or not.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft jiggles — but doesn’t fix — buggy Win7 patches KB 4088875, KB 4088878

Credit to Author: Woody Leonhard| Date: Thu, 05 Apr 2018 06:17:00 -0700

Last night we were treated to new versions of the badly banged-up March Win7 patches. It looks like the new ones are the same as the old ones, but the internal handling instructions (the metadata) now force installation of a “Total Meltdown” fix-up patch prior to installing the old patch.

Of course, none of this is documented anywhere.

Starting with Günter Born’s report, and checking the Microsoft Update Catalog, I can see modified versions of:

To read this article in full, please click here

Read More
IndependentKrebs
admin

Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018

Credit to Author: BrianKrebs| Date: Wed, 04 Apr 2018 13:02:37 +0000

A story published here last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot].cm) in a bid to bombard hapless visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains. On March 30, an eagle-eyed reader noted that four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains were available for download directly from the typosquatting network’s own hosting provider. The logs — which include detailed records of how many people visited the sites over the past three years and from where — were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis.

Read More
IndependentKrebs
admin

Panerabread.com Leaks Millions of Customer Records

Credit to Author: BrianKrebs| Date: Mon, 02 Apr 2018 21:37:51 +0000

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned. The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.

Read More
ComputerWorldIndependent
admin

Windows patches for Total Meltdown, bluescreens, an IP stopper — and little documentation

Credit to Author: Woody Leonhard| Date: Mon, 02 Apr 2018 07:33:00 -0700

As many of us were getting ready for the holiday weekend, after the surprise announcement about Windows being torn into three pieces, Microsoft shoveled yet another load of patches out the Automatic Update chute. Think of it as the software equivalent of a Friday night news dump.

A destructive fix for Total Meltdown

KB 4100480 kicked off the two days from patching purgatory with a Windows 7/Server 2008R2 kernel update for CVE-2018-1038, the “Total Meltdown” bug Microsoft introduced in Win7 back in January. Total Meltdown, you may recall, is a huge security hole implemented by all of these Microsoft security patches:

To read this article in full, please click here

Read More
IndependentKrebs
admin

Coinhive Exposé Prompts Cancer Research Fundraiser

Credit to Author: BrianKrebs| Date: Fri, 30 Mar 2018 17:55:56 +0000

A story published here this week revealed the real-life identity behind the original creator of Coinhive — a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest against that story, members of a popular German language image-posting board founded by the Coinhive creator have vented their dismay by donating tens of thousands of euros to local charities that support cancer research. On Monday KrebsOnSecurity published Who and What is Coinhive, an in-depth story which proved that the founder of Coinhive was indeed the founder of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code primarily is found on tens of thousands of hacked Web sites, and because the until-recently anonymous Coinhive operator(s) have been reluctant to take steps that might curb the widespread abuse of their platform.

Read More
ComputerWorldIndependent
admin

Facial recognition tech moves from smartphones to the boardroom

Credit to Author: Lucas Mearian| Date: Fri, 30 Mar 2018 03:03:00 -0700

Facial recognition technology, which has begun to gain traction on mobile devices like the iPhone X and various Android smartphones, could soon show up at work – and at the airport.

The technology uses a person’s face to authenticate their identity,  making it a potentially important security tool.

In 2015, Google launched its “Trusted Face” feature as part of its Android 5.0 Lollipop update. Trusted Face, part of Android’s Smart Lock technology, works in the same way as Apple’s Face ID, which replaced the Touch ID fingerprint reader on the iPhone X.

To read this article in full, please click here

Read More
IndependentKrebs
admin

Omitting the “o” in .com Could Be Costly

Credit to Author: BrianKrebs| Date: Thu, 29 Mar 2018 13:08:16 +0000

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”

Read More