ComputerWorldIndependent

Apple’s HomeKit security blunder exposes the risk of smart homes

Credit to Author: Jonny Evans| Date: Fri, 08 Dec 2017 06:42:00 -0800

The expression “safe as houses” will become a thing of the past if tech firms don’t get connected home security right, and the need to be incredibly watchful was visible in Apple’s latest security blunder this week.

Not so ideal home

The latest iOS 11.2 update held a zero-day vulnerability attackers could exploit to control smart home devices, including connected locks, 9to5Mac explains. While the vulnerability was difficult to exploit, and Apple has acted very swiftly to close this security gap, its existence exposes the risk of smart homes.

IndependentKrebs

Phishers Are Upping Their Game. So Should You.

Credit to Author: BrianKrebs| Date: Fri, 08 Dec 2017 00:35:24 +0000

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

ComputerWorldIndependent

How blockchain will underpin the new trust economy

Credit to Author: Lucas Mearian| Date: Thu, 07 Dec 2017 03:20:00 -0800

Over the next two years, enterprises are expected to ramp up their efforts to test blockchain technology as part of a new method of establishing trust in a digital economy.

New research from consultancy Deloitte LLP shows a “trust economy” is now developing around person-to-person (P2P) transactions enabled by blockchain technology and not dependent on more traditional methods such as credit ratings or guaranteed cashier’s checks.

“Rather, it relies on each transacting party’s reputation and digital identity – the elements of which may soon be stored and managed in a blockchain,” Deloitte analysts said in a report.

IndependentSecuriteam

SSD Advisory – Dasan Unauthenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 06 Dec 2017 06:42:29 +0000

Vulnerability Summary: The following advisory describes a buffer overflow that leads to remote code execution found in Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146. Dasan Networks GPON ONT WiFi Router “is indoor type ONT dedicated for FTTH (Fibre to the Home) or FTTP (Fiber to the Premises) deployments. That …

IndependentSecuriteam

SSD Advisory – Monstra CMS RCE

Credit to Author: SSD / Noam Rathaus| Date: Wed, 06 Dec 2017 06:35:44 +0000

Vulnerabilities Summary: The following advisory describes a vulnerability found in Monstra CMS. Monstra is “a modern and lightweight Content Management System. It is Easy to install, upgrade and use.” The vulnerability found is a remote code execution vulnerability through an arbitrary file upload mechanism. Credit: An independent security researcher, Ishaq Mohammed, has reported this vulnerability …

IndependentKrebs

Anti-Skimmer Detector for Skimmer Scammers

Credit to Author: BrianKrebs| Date: Tue, 05 Dec 2017 20:37:22 +0000

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology.

ComputerWorldIndependent

Thanks, Microsoft, but I’m still saying no to Windows 10

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 05 Dec 2017 05:26:00 -0800

I’ve been hearing a lot from friends recently about how Windows 10 is the best Windows ever and people would be stupid not to switch. These being friends, I don’t want to be rude, but — cough, ahem — I don’t buy it.

Is security your No. 1 concern? Well, Windows 10 is no more secure than Windows 7 — which is to say it is a profoundly insecure operating system. There have been a lot of serious Windows security patches in the last year, and Windows 10 had all the same problems as Windows 7.

True, Windows didn’t have anything as bad as macOS’s unbelievably stupid “Let anyone log in as the administrator” security hole, but just because Microsoft didn’t botch things as badly as Apple did doesn’t get it off the hook. I mean, what do you call it when Microsoft fixes security holes in Windows 10 that it doesn’t patch in Windows 7? I call it really, really stupid.

IndependentSecuriteam

SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Mon, 04 Dec 2017 09:37:02 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in Coredy CX-E120 Repeater. The Coredy CX-E120 WiFi Range Extender is “a network device with multifunction, which can be using for increasing the distance of a WiFi network by boosting the existing WiFi signal and enhancing the overall signal quality over long distances. An extender …
