Independent

ComputerWorldIndependent

The WannaCry scramble

Credit to Author: Mathias Thurman| Date: Thu, 25 May 2017 10:05:00 -0700

A couple of weeks ago, possibly every security manager in the world was dealing with the repercussions of WannaCry, a ransomware worm that screamed across the internet and flooded the media. IT and security departments, placed on high alert, had to scramble — whether or not any of their systems had been infected. I was no exception.

IndependentKrebs

MolinaHealthcare.com Exposed Patient Records

Credit to Author: BrianKrebs| Date: Thu, 25 May 2017 18:08:21 +0000

Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two providers didn’t even require a login to view all patient records. Today we’ll examine such a flaw that was just fixed by Molina Healthcare, a Fortune 500 company that until recently was exposing countless patient medical claims to the entire Internet without requiring any authentication.

ComputerWorldIndependent

IDG Contributor Network: The complexity of password complexity

Credit to Author: Sandra Henry-Stocker| Date: Thu, 25 May 2017 05:47:00 -0700

Deploying password quality checking on your Debian-based Linux servers can help to ensure that your users assign reasonable passwords on their accounts, but the settings themselves can be a bit misleading. For example, setting a minimum password length of 12 characters does not mean that your users’ passwords will all have twelve or more characters. Let’s stroll down Complexity Boulevard and see how the settings work and examine some settings worth considering.

First, if you haven’t done this already, install the password quality checking library with this command:

apt-get -y install libpam-pwquality 

The files that contain most of the settings we’re going to look at will be:

ComputerWorldIndependent

Appeals court gives Wikimedia thumbs up to sue NSA for 'Upstream' surveillance

Credit to Author: Darlene Storm| Date: Wed, 24 May 2017 08:26:00 -0700

Well, well, well, the NSA may not waltz away legally unscathed after spying on Americans’ private communications due to the dogged determination of the Wikimedia Foundation, the ACLU, the Knight First Amendment Institute at Columbia University and eight other co-plaintiffs.

The 4th US Circuit Court of Appeals ruled to give Wikimedia a chance to legally challenge the NSA’s mass surveillance as being unconstitutional. The government has previously argued that the NSA’s Upstream warrantless spying is authorized under Section 702 of the Foreign Intelligence Surveillance Act. Thanks to Upstream surveillance, the NSA sucks up and searches through Americans’ international internet communications.

ComputerWorldIndependent

Former NSA chief weighs in on cybersecurity, cyberespionage at ZertoCon

Credit to Author: Ryan Francis| Date: Tue, 23 May 2017 14:53:00 -0700

BOSTON — Retired Gen. Michael Hayden held nothing back when speaking to cybersecurity pros today at the ZertoCon business continuity conference.

It’s been more than a decade since he led the National Security Agency (NSA), but that didn’t stop Hayden from asserting that the Russians were involved in last year’s U.S. presidential election. His view: Only two presidents doubt that the Russians were involved in the 2016 election — Donald Trump and Vladimir Putin.

“They [the Russians] had an effect on the election, there is no question that this happened,” Hayden said. “The question is if there was collaboration with the campaign.”

ComputerWorldIndependent

IDG Contributor Network: Wikileaks reveals potent Windows malware from the CIA

Credit to Author: Andy Patrizio| Date: Tue, 23 May 2017 14:00:00 -0700

A few days ago, Microsoft’s top lawyer took the NSA to task over WannaCry, saying that problem was the agency’s creation because it built and stockpiled such malware for its own use.

Now WikiLeaks has revealed more government-created malware and this one is a nasty piece of work.

Codenamed “Athena,” the spyware targets all versions of Windows from Windows XP to Windows 10, and was released in August 2015. It was created in part by a private New Hampshire-based cyber security firm called Siege Technologies.

IndependentSecuriteam

SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Tue, 23 May 2017 06:41:53 +0000

Vulnerabilities Summary: The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool.

IBM Informix Dynamic Server: Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and …

ComputerWorldIndependent

4 ways blockchain is the new business collaboration tool

Credit to Author: Lucas Mearian| Date: Tue, 23 May 2017 03:01:00 -0700

While blockchain may have cut its teeth on the cryptocurrency Bitcoin, the distributed electronic ledger technology is quickly making inroads across a variety of industries.

That’s mainly because of its innate security and its potential for improving systems operations all while reducing costs and creating new revenue streams.

David Schatsky, a managing director at consultancy Deloitte LLP, believes blockchain’s diversity speaks to its versatility in addressing business needs, but “the impact that blockchain will have on businesses in various industries is not yet fully understood.”
