Independent – Page 213 – Computer Security Articles

Credit to Author: Gregg Keizer| Date: Mon, 29 Jan 2018 12:23:00 -0800

Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the “Spectre” vulnerabilities.

The weekend release was Microsoft’s response to an announcement seven days ago by Intel, which told customers of all stripes – from computer makers to end users – to stop deploying the firmware updates it had offered after disclosures of the Spectre and Meltdown flaws. According to Intel, the new firmware “may introduce [a] higher-than-expected [number of] reboots and other unpredictable system behavior” on Broadwell and Haswell processors. Those silicon families were introduced in 2015 and 2013, respectively.

To read this article in full, please click here

ComputerWorld Independent

January 29, 2018 admin

KBNew: Look behind the scenes at Microsoft’s changing KB articles

Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 06:45:00 -0800

If you’ve been playing the cat-and-mouse Microsoft patching game for a while, you know that Microsoft changes its Knowledge Base articles from time to time, without warning and at times without documentation. Now there’s a resource for those who need to know who moved their cheese — and when.

Several times in the past month, the eagle-eyed crew at AskWoody, led by @MrBrian, have found out about new Windows patches before they were announced. They’ve also looked at the raw data showing which KB articles have been changed — even if Microsoft doesn’t document the changes. The secret? A new monitoring program called KBNew.

To read this article in full, please click here

Independent Krebs

January 29, 2018 admin

File Your Taxes Before Scammers Do It For You

Credit to Author: BrianKrebs| Date: Mon, 29 Jan 2018 14:44:23 +0000

Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day that fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can! Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

ComputerWorld Independent

January 29, 2018 admin

Windows surprise patch KB 4078130: The hard way to disable Spectre 2

Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 05:49:00 -0800

As we crawl deeper down the Meltdown/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the “fix” that’s supposed to protect you against one of the Spectre variants. It’s the same patch, that works the same way, on every version of Windows, from Win7 to the latest Win10 beta builds.

I’m tempted to call it an out-of-band patch, but truth is that all of this month’s patches have been out of band.

You’ve no doubt been inundated by the news about Meltdown and Spectre, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer.

To read this article in full, please click here

ComputerWorld Independent

January 29, 2018 admin

Ready for the EU's GDPR compliance deadline? Many companies aren't | Salted Hash Ep 16

CSO senior editor Michael Nadeau joins host Steve Ragan to talk about predictions for 2018, including the looming GDPR compliance deadline.

Independent Krebs

January 27, 2018 admin

First ‘Jackpotting’ Attacks Hit U.S. ATMs

Credit to Author: BrianKrebs| Date: Sat, 27 Jan 2018 18:45:08 +0000

ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

ComputerWorld Independent

January 26, 2018 admin

Tech Talk ep 5 pt 1: The beginning of the end of the password in 2018

Independent Krebs

January 26, 2018 admin

Registered at SSA.GOV? Good for You, But Keep Your Guard Up

Credit to Author: BrianKrebs| Date: Fri, 26 Jan 2018 19:43:29 +0000

KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration (SSA) — even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in peoples’ names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone. In mid-December 2017 this author heard from Ed Eckenstein, a longtime reader in Oklahoma whose wife Ruth had just received a snail mail letter from the SSA about successfully applying to withdraw benefits. The letter confirmed she’d requested a one-time transfer of more than $11,000 from her SSA account. The couple said they were perplexed because both previously had taken my advice and registered accounts with MySocialSecurity, even though Ruth had not yet chosen to start receiving SSA benefits.