Independent – Page 229 – Computer Security Articles

Credit to Author: Jonny Evans| Date: Wed, 29 Nov 2017 04:13:00 -0800

Complacency and incompetence are the biggest computer security threats, and Apple’s latest Mac security flaw seems to combine both of these. The flaw means anyone with physical access to your Mac can get inside the machine and tinker with it.

UPDATE (29 November 9:30am PDT): Apple has issued an apology and a patch to rectify this problem, more details here.

What’s the problem with macOS High Sierra?

The problem (which first got disclosed here) was first revealed in a Tweet by Lemi Orhan Ergin, who wrote:

To read this article in full, please click here

ComputerWorld Independent

November 29, 2017 admin

Lock it down: The macOS security guide (updated)

Credit to Author: Jonny Evans| Date: Wed, 15 Nov 2017 06:11:00 -0800

Malware is everywhere, and Macs are not immune. You can ignore the potential threat if you choose, but if you are an enterprise user holding confidential data, an educator in possession of private data, or even a Bitcoin collector who maybe clicked a few too many links on one of those dodgy faucet websites, you should know how to secure your Mac.

First, some common sense security tips

Before we get into some of the security technology inside your Mac (including a wide range of security improvements in High Sierra) it is important to point out that the biggest threat your computer faces is the person using it. Cyber attackers are highly sophisticated and can piece together lots of information about you or companies associated with you by simply getting a little more data a little at a time. Make it hard for those people by following simple tips, including:

To read this article in full, please click here

ComputerWorld Independent

November 29, 2017 admin

What to do about Apple’s shameful Mac security flaw

Credit to Author: Jonny Evans| Date: Wed, 29 Nov 2017 04:13:00 -0800

What’s the problem?

The problem (which first got disclosed here) was first revealed in a Tweet by Lemi Orhan Ergin, who wrote:

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?
To read this article in full, please click here

Independent Krebs

November 28, 2017 admin

MacOS High Sierra Users: Change Root Password Now

Credit to Author: BrianKrebs| Date: Tue, 28 Nov 2017 22:34:22 +0000

A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now.

ComputerWorld Independent

November 28, 2017 admin

Microsoft Patch Alert: November’s forced upgrades, broken printers and more

Credit to Author: Woody Leonhard| Date: Tue, 28 Nov 2017 13:08:00 -0800

There are so many issues with this month’s security patches that it’s hard to decide where to begin. Let’s start with the problems that have been acknowledged, then move into the realm of what’s not yet fully defined.

Forced upgrades

Many users have remarked about how much the forced 1703-to-1709 Windows 10 upgrades feel like Microsoft’s detested forced upgrades from Win 7 and 8.1 to 10 – the “Get Windows X” campaign. Although the situation’s different on the surface, the net result is the same. Many people who were happily using Windows 10 Fall Update – version 1703 – were forcibly upgraded this month to the Fall Creators Update – version 1709 – even on systems that were not supposed to be upgraded.

To read this article in full, please click here

Independent Securiteam

November 28, 2017 admin

SSD Advisory – ZTE ZXDSL Configuration Reset

Credit to Author: SSD / Maor Schwartz| Date: Tue, 28 Nov 2017 13:18:47 +0000

Vulnerability Summary The following advisory describes a configuration reset vulnerability found in ZTE ZXDSL 831CII version 6.2. ZXDSL 831CII is “an ADSL access device to support multiple line modes. It supports ADSL2/ADSL2+ and is backward compatible to ADSL, even offers auto-negotiation capability for different flavors (G.dmt, T1.413 Issue 2) according to central office DSLAM’s settings … Continue reading SSD Advisory – ZTE ZXDSL Configuration Reset

ComputerWorld Independent

November 27, 2017 admin

HP stealthily installs new spyware called HP Touchpoint Analytics Client

Credit to Author: Woody Leonhard| Date: Mon, 27 Nov 2017 13:29:00 -0800

Hard to imagine in this age of privacy scandals, but HP is installing a telemetry client on its customers’ computers — and it isn’t offering any warning, or asking permission, before delivering the payload.

Dubbed “HP Touchpoint Analytics Service,” HP says it “harvests telemetry information that is used by HP Touchpoint’s analytical services.” Apparently, it’s HP Touchpoint Analytics Client version 4.0.2.1435.

There are dozens of reports of this new, ahem, service scattered all over the internet. According to Günter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said:

To read this article in full, please click here

Independent Securiteam

November 27, 2017 admin

SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution

Credit to Author: SSD / Maor Schwartz| Date: Mon, 27 Nov 2017 13:45:53 +0000

Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager. Storage Manager is “a management application that helps you organize and monitor the storage capacity on your Synology NAS. Depending on the model and number of installed hard drives, Storage Manager helps you accomplish the following tasks: Create different types … Continue reading SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution