Independent

ComputerWorldIndependent

Turn Automatic Update off, temporarily, in anticipation of another round of pernicious patches

Credit to Author: Woody Leonhard| Date: Mon, 12 Mar 2018 15:14:00 -0700

ComputerWorldIndependent

IT beware: University finds new 4G security holes

Credit to Author: Evan Schuman| Date: Mon, 12 Mar 2018 10:25:00 -0700

IT has enough to worry about with traditional data breach issues, but now researchers from Purdue University and the University of Iowa have found quite a few new security holes in the popular 4G mobile networks.

The potentially worst hole detailed in the study is an authentication synchronization failure attack. The danger? It allows bad guys to read incoming and outgoing messages from an employee, permits “stealthy denial” of selected services and “location of history poisoning,” which simply means it can manipulate location data to give false information to systems using location for identity authentication.

ComputerWorldIndependent

Warning as Mac malware exploits climb 270%

Credit to Author: Jonny Evans| Date: Mon, 12 Mar 2018 05:56:00 -0700

Reputable anti-malware security vendor, Malwarebytes, is warning Mac users that malware attacks against the platform climbed 270 percent last year.

Be careful out there

The security experts also warn that four new malware exploits targeting Macs have been identified in the first two months of 2018, noting that many of these exploits were identified by users, rather than security firms.

In one instance, a Mac user discovered that their DNS settings had been changed and found themselves unable to change them back.

This particular item of malware (OSX.MaMi) also installed a trusted root certificate on their Mac. The threat left the user vulnerable to fraudulent phishing websites posing as the real deal and man-in-the-middle attacks.

IndependentSecuriteam

VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary

The following describes a vulnerability in VK Messenger that is triggered via the exploitation of an improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages …

IndependentKrebs

Checked Your Credit Since the Equifax Hack?

Credit to Author: BrianKrebs| Date: Sun, 11 Mar 2018 18:51:08 +0000

A recent consumer survey suggests that half of all Americans still haven’t checked their credit report since the Equifax breach last year exposed the Social Security numbers, dates of birth, addresses and other personal information on nearly 150 million people. If you’re in that fifty percent, please make an effort to remedy that soon. Credit reports from the three major bureaus — Equifax, Experian and Trans Union — can be obtained online for free at annualcreditreport.com — the only Web site mandated by Congress to serve each American a free credit report every year.

ComputerWorldIndependent

Android P in depth: An up-close look at what's new with security

Credit to Author: JR Raphael| Date: Thu, 08 Mar 2018 08:58:00 -0800

Google is slowly pulling back the curtains on its next-gen Android P release. Yesterday, we got our first glimpse at a work-in-progress, developer-focused preview of the software — and today, we’re getting a closer look at what exactly is new when it comes to Android P and the ever-evolving subject of Android security.

I had the chance to chat with Xiaowen Xin, Google’s Android platform security product manager, about some of the significant changes on the way with Android P. Here’s the inside scoop on what you can expect:

IndependentKrebs

Look-Alike Domains and Visual Confusion

Credit to Author: BrianKrebs| Date: Thu, 08 Mar 2018 16:55:13 +0000

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.

For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name:

https://www.са.com/

Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian.

Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

ComputerWorldIndependent

Study: FinTech, other industries should open blockchain sandboxes and work with regulators

Credit to Author: Lucas Mearian| Date: Wed, 07 Mar 2018 14:11:00 -0800

For regulators to understand blockchain’s cybersecurity benefits and risks, they must first have a deeper understanding of the technology – and businesses hold the key to that, according to new research.

Governments around the world are beginning to increase regulatory oversight of cryptocurrencies, such as bitcoin, which are underpinned by blockchain’s distributed ledger technology. In turn, businesses that use private or “permissioned” blockchain networks are likely to also see more oversight, according to experts.
