Independent – Page 372 – Computer Security Articles

Credit to Author: Woody Leonhard| Date: Thu, 06 Jul 2017 07:23:00 -0700

On Patch Wednesday of this week, Microsoft said it released 14 non-security Office updates, covering such fascinating topics as improved Dutch translations in Word 2013, Danish translations in Access, and Finnish and Swedish translations in Excel. Typical first Tuesday stuff.

Microsoft neglected to mention that it also shipped a fix for the bugs introduced by last month’s patches to Outlook 2010. Dubbed KB 4011042, the neglected fix appears to be a non-security patch that fixes bugs created by a security patch — a red flag for many advanced patchers.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

July 6, 2017 admin

The ancient Microsoft networking protocol at the core of the latest global malware attack

Credit to Author: Preston Gralla| Date: Thu, 06 Jul 2017 03:20:00 -0700

Another day, another global malware attack made possible by a Microsoft security hole. Once again, attackers used hacking tools developed by the U.S. National Security Agency (NSA), which were stolen and subsequently released by a group called Shadow Brokers.

This time around, though, the late-June attack apparently wasn’t ransomware with which the attackers hoped to make a killing. Instead, as The New York Times noted, it was likely an attack by Russia on Ukraine on the eve of a holiday celebrating the Ukrainian constitution, which was written after Ukraine broke away from Russia. According to the Times, the attack froze “computers in Ukrainian hospitals, supermarkets, and even the systems for radiation monitoring at the old Chernobyl nuclear plant.” After that, it spread worldwide. The rest of the world was nothing more than collateral damage.

To read this article in full or to leave a comment, please click here

Independent Krebs

July 5, 2017 admin

Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’?

Credit to Author: BrianKrebs| Date: Wed, 05 Jul 2017 11:25:14 +0000

In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things (IoT) devices like security cameras and Internet routers for use in large-scale cyberattacks. Investigators haven’t yet released the man’s name, but news reports suggest he may be better known by the hacker handle “Bestbuy.” This post will follow a trail of clues back to one likely real-life identity of Bestbuy.

Independent Securiteam

July 2, 2017 admin

SSD Advisory – EMC IsilonSD Edge Command Injection

Credit to Author: SSD / Maor Schwartz| Date: Sun, 02 Jul 2017 08:09:16 +0000

Vulnerability Summary The following advisory describes a Remote Command Injection vulnerability found in EMC IsilonSD Edge version 1.0.1.0005. IsilonSD Edge enables you to deploy industry leading scale-out NAS operating system using industry-standard hardware. Key benefits of IsilonSD Edge: Simple yet powerful and efficient scale-out storage solution for remote and branch offices, Easily extends your enterprise … Continue reading SSD Advisory – EMC IsilonSD Edge Command Injection

Independent Krebs

July 2, 2017 admin

Is it Time to Can the CAN-SPAM Act?

Credit to Author: BrianKrebs| Date: Sun, 02 Jul 2017 16:14:42 +0000

Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful.

Independent Securiteam

June 30, 2017 admin

SSD Advisory – Odoo CRM Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Fri, 30 Jun 2017 18:50:42 +0000

Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value proposition is to be at the same time very easy to … Continue reading SSD Advisory – Odoo CRM Code Execution

Independent Krebs

June 30, 2017 admin

So You Think You Can Spot a Skimmer?

Credit to Author: BrianKrebs| Date: Fri, 30 Jun 2017 20:32:06 +0000

This week marks the 50th anniversary of the automated teller machine — better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the ATM. Think you’re good at spotting the various scams? A newly released ATM fraud inspection guide may help you test your knowledge.

ComputerWorld Independent

June 30, 2017 admin

The paranoid Mac traveler’s 10-point data protection checklist

Credit to Author: Richard Hoffman| Date: Fri, 30 Jun 2017 03:01:00 -0700

Here’s an increasingly common scenario: You’re on a business trip, either entering a foreign country or returning home. As you go through customs, a border-control agent asks you to turn on and hand over your iPhone, then starts poking around, looking at your text messages, call logs and apps. The agent then asks you to wake your MacBook, log into your social media accounts and open your email. After the agent reads your tweets and posts for a few minutes, your phone and laptop are taken “for further inspection” — and returned some time later.

Alternatively, the equivalent of the Transportation Security Administration (TSA) in a foreign country declares that all laptops on international flights must be put in checked baggage — a scenario only narrowly averted a few weeks ago. Your company laptop is properly checked in, but when you arrive at your destination, you discover that not only has your bag been searched, but your laptop appears to have been opened and powered on.

To read this article in full or to leave a comment, please click here