Independent – Page 225 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Fri, 15 Dec 2017 16:48:18 +0000

On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many Nice-Hash users have expressed surprise to learn that the company’s chief technology officer recently served several years in prison for operating and reselling a massive botnet, and for creating and running ‘Darkode,” until recently the world’s most bustling English-language cybercrime forum.

ComputerWorld Independent

December 15, 2017 admin

Apple and Cisco just improved security in the iOS enterprise

Credit to Author: Jonny Evans| Date: Fri, 15 Dec 2017 06:47:00 -0800

Apple and Cisco have struck yet another blow for enterprise IT. They know that iOS is the most secure mobile solution, but that’s not everything because mobile threats are incredibly complex these days.

The enigma code

Here’s a scenario: You work in an enterprise with perhaps 1,000 other employees. One morning, perhaps 50 of you woke to find an authentic-seeming email in your in-box that requests you click on a link to update some system related to the work you do. While many employees remembered not to click on that link, a small number did click. No one thought too much of the email — spam is frequent and most just thought the mail was aimed at them.

To read this article in full, please click here

ComputerWorld Independent

December 14, 2017 admin

Why Windows 7 updates are getting bigger

Credit to Author: Gregg Keizer| Date: Thu, 14 Dec 2017 05:04:00 -0800

Windows 7’s security rollups, the most comprehensive of the fixes it pushes out each Patch Tuesday, have almost doubled in size since Microsoft revamped the veteran operating system’s update regimen last year.

According to Microsoft’s own data, what it calls the “Security Quality Monthly Rollup” (rollup from here on) grew by more than 70% within the first dozen issued updates. From its October 2016 inception, the x86 version of the update increased from 72MB to 124.4MB, a 73% jump. Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 203.2MB 12 updates later, representing a 70% increase.

The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced huge changes to how it serviced Windows 7, it admitted that rollups would put on pounds as the months pass. “The Rollups will start out small, but we expect that these will grow over time,’ Nathan Mercer, a Microsoft product marketing manager, said at the time. Mercer’s explanation: “A Monthly Rollup in October will include all updates for October, while November will include October and November updates, and so on.”

To read this article in full, please click here

Independent Securiteam

December 13, 2017 admin

SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion

Credit to Author: SSD / Maor Schwartz| Date: Wed, 13 Dec 2017 10:36:20 +0000

Vulnerability Summary The following advisory describes a unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as vB, is “a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many … Continue reading SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion

Independent Securiteam

December 13, 2017 admin

SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 13 Dec 2017 10:11:35 +0000

Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin version 5. vBulletin, also known as vB, is a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many of the largest social sites … Continue reading SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

ComputerWorld Independent

December 13, 2017 admin

Mingis on Tech: Blockchain explained

Credit to Author: Ken Mingis| Date: Wed, 13 Dec 2017 10:30:00 -0800

It’s the most disruptive technology since the arrival of the Internet.

Or maybe it’s the next Linux, an open-source technology that offers great promise, but somehow never seems to make it to the mainstream world.

“It,” in this case, is blockchain – the buzz-worthy distributed ledger technology that first came into widespread use with Bitcoin represents a new paradigm for the way information is shared. FinTech firms are embracing it and a variety of companies are already rushing to figure out how they can use it to save time and admin costs, according to Computerworld Senior Reporter Lucas Mearian.

To read this article in full, please click here

Independent Krebs

December 13, 2017 admin

Mirai IoT Botnet Co-Authors Plead Guilty

Credit to Author: BrianKrebs| Date: Wed, 13 Dec 2017 16:23:18 +0000

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

ComputerWorld Independent

December 13, 2017 admin

How Apple’s Safari browser can save your Christmas

Credit to Author: Jonny Evans| Date: Wed, 13 Dec 2017 05:24:00 -0800

While I see online ads as a necessary evil if you want to keep websites in business, I’m so annoyed at the way the latest ads services seem so focused on ruining everybody’s Christmas surprise.

The ads Grinch stole Christmas

This is what happens: Ads sites track where you go online; retailers track you too and all this information is shared. Look at an item online, see an ad for it on the next page you go to. Not only is this behavioural retargeting vastly creepy, but when it comes to Christmas these things make it impossible to keep secrets, particularly on a shared Mac. Been looking at [insert name of hot new obsessive teenage-focused product here] with a view to buying one to gift your child? Don’t be too upset if said child gets onto your computer to check their Bitcoin investment only to find themselves staring at ads for the object of their desire. Kids aren’t stupid – they know how ads work online (even if we don’t). What’s happened? Your Christmas surprise is spoiled and your teenager won’t believe in Santa Claus any more, even if they are looking for a flat Earth shadow during the next eclipse.

To read this article in full, please click here