Independent – Page 375 – Computer Security Articles

Credit to Author: JR Raphael| Date: Tue, 20 Jun 2017 09:04:00 -0700

Google’s Chrome OS is far more powerful and versatile than most folks realize — and one of the platform’s greatest strengths over traditional desktop OSes is its deceptively simple approach to security.

Chromebooks, you see, make security almost entirely automatic and thought-free from a user’s perspective. The devices receive regular behind-the-scenes updates with no action required on your behalf; they utilize sandboxing to keep every page and application in its own isolated environment; and their software relies on a special hardware-connected setup that ensures every computer is always running tamper-free and official Google software every time it powers up.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 20, 2017 admin

The Microsoft security hole at the heart of Russian election hacking

Credit to Author: Preston Gralla| Date: Tue, 20 Jun 2017 08:29:00 -0700

Russian hacking of the 2016 election went deeper than breaking into the Democratic National Committee and the Clinton campaign — the Russians also hacked their way into getting information about election-related hardware and software shortly before voting began.

The Intercept published a top-secret National Security Agency document that shows exactly how the Russians did their dirty work in targeting election hardware and software. At the heart of the hack is a giant Microsoft security hole that has been around since before 2000 and still hasn’t been closed. And likely never will.

To read this article in full or to leave a comment, please click here

Independent Securiteam

June 19, 2017 admin

SSD Advisory – Sophos XG Firewall Path Traversal

Credit to Author: SSD / Maor Schwartz| Date: Mon, 19 Jun 2017 16:17:18 +0000

Vulnerabilities Summary The following advisory describe two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos … Continue reading SSD Advisory – Sophos XG Firewall Path Traversal

Independent Krebs

June 17, 2017 admin

Credit Card Breach at Buckle Stores

Credit to Author: BrianKrebs| Date: Sat, 17 Jun 2017 14:07:08 +0000

The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data. The disclosure came hours after KrebsOnSecurity contacted the company regarding reports from sources in the financial sector about a possible breach at the retailer.

Independent Securiteam

June 16, 2017 admin

SSD Advisory – ManageEngine Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Fri, 16 Jun 2017 18:46:58 +0000

Vulnerability Summary The following advisory describes Unrestricted File Upload vulnerability that leads to Code Execution found in ManageEngine Firewall Analyzer and ManageEngine OpManager. ManageEngine Firewall Analyzer is a browser-based firewall/VPN/proxy server reporting solution that uses a built-in syslog server to store, analyze, and report on these logs. Firewall Analyzer provides daily, weekly, monthly, and yearly … Continue reading SSD Advisory – ManageEngine Code Execution

ComputerWorld Independent

June 16, 2017 admin

The price of security is eternal phone calls

Credit to Author: Sharky| Date: Fri, 16 Jun 2017 03:00:00 -0700

This city government is going through an extended validation process with one of its IT security providers, according to a pilot fish in the loop.

“I got an email that said to call them, since they couldn’t reach me at the number they had,” fish says. “That’s no surprise, because the number isn’t mine — it’s our Human Resources main line.

“I’ve told them in the past to call me at my actual number for this, but they always insist that they need a ‘published’ number.”

After yet another round of this for the new security certification, fish calls customer support for the security outfit and suggests they replace the HR number with the number for the city’s IT department. That’s on the city’s official website, so it should qualify as “published.”

To read this article in full or to leave a comment, please click here

Independent Securiteam

June 15, 2017 admin

Know your community – Berend-Jan Wever (SkyLined / @berendjanwever)

Credit to Author: SSD / Maor Schwartz| Date: Thu, 15 Jun 2017 14:09:29 +0000

Aspiring ASCII artist, a chef, a gardener, bug bounty hunter and one of the leading browsers vulnerability researchers. Please meet Berend-Jan Wever AKA SkyLined! Questions Q: How many years have you been working in the security field? A: Probably about 30 years. My first experience in security was as a kid, when my computer got … Continue reading Know your community – Berend-Jan Wever (SkyLined / @berendjanwever)

Independent Krebs

June 15, 2017 admin

Inside a Porn-Pimping Spam Botnet

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2017 14:35:27 +0000

For several months I’ve been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I’ve unearthed so far to see if this dovetails with any other research out there. In late October 2016, an anonymous source shared with KrebsOnSecurity.com a list of nearly 100 URLs that — when loaded into a Firefox browser — each displayed what appeared to be a crude but otherwise effective “counter” designed to report in real time how many “bots” were reporting in for duty. Here’s a set of archived screenshots of those counters illustrating how these various botnet controllers keep a running tab of how many “activebots” — hacked servers set up to relay spam — are sitting idly by and waiting for instructions.