Sunday, April 26, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

ComputerWorldIndependent
admin

Windows Defender does not defend Windows 7 against WannaCry

Credit to Author: Michael Horowitz| Date: Sun, 21 May 2017 17:37:00 -0700

Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7. Since, once it gets a foothold, the malware can infect an entire network, most of the attention was focused on LAN based attacks. My previous blog was about using the Windows firewall as a defensive measure.

But any malware can spread in multiple ways so there is always a need for anti-malware software on Windows PCs. The May 12th blog post, Customer Guidance for WannaCrypt attacks, in which Microsoft announced the release of a bug fix for Windows XP, mentioned that 

To read this article in full or to leave a comment, please click here

Read More
IndependentSecuriteam
admin

SSD Advisory – Synology DiskStation Manager Multiple Stored Cross-Site Scripting

Credit to Author: SSD / Maor Schwartz| Date: Sun, 21 May 2017 15:17:30 +0000

Vulnerabilities Summary The following advisory describe two (2) stored Cross-Site Scripting (XSS) found in Synology DiskStation Manager (DSM). Cross-site scripting stored in SWF file Cross-site scripting stored in Video Station application Synology DiskStation Manager (DSM), a Linux based software package that is the operating system for the DiskStation and RackStation products. The Synology DSM is … Continue reading SSD Advisory – Synology DiskStation Manager Multiple Stored Cross-Site Scripting

Read More
ComputerWorldIndependent
admin

The ransomware epidemic: How to prep for a shakedown

Credit to Author: Ryan Francis| Date: Fri, 19 May 2017 13:37:00 -0700

‘Know your enemy’ – understanding what to prepare for
wannacry ransom screenshot

Image by Reuters

While ransomware isn’t new, this once-simple criminal hacker tactic has morphed into a devastatingly effective weapon wielded by more advanced cyber-criminals — as seen with the recent Wannacry outbreack. These sophisticated attackers are highly motivated by the profitable nature of their efforts. Dan Larson, technical director at CrowdStrike, looks at the current state of ransomware, why organizations should take  threats seriously and how to build a strong defense.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

The Windows firewall is the overlooked defense against WannaCry and Adylkuzz

Credit to Author: Michael Horowitz| Date: Fri, 19 May 2017 09:25:00 -0700

Despite all the attention currently focused on Windows computers being infected with WannaCry ransomware, a defensive strategy has been overlooked. This being a Defensive Computing blog, I feel the need to point it out.

The story being told everywhere else is simplistic and incomplete. Basically, the story is that Windows computers without the appropriate bug fix are getting infected over the network by WannaCry ransomware and the Adylkuzz cryptocurrency miner. 

We are accustomed to this story. Bugs in software need patches. WannaCry exploits a bug in Windows, so we need to install the patch. For a couple days, I too, ascribed to this knee-jerk theme. But there is a gap in this simplistic take on the issue. Let me explain. 

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: Who you gonna call?: Getting ready for the next cyber disaster

Credit to Author: Sandra Henry-Stocker| Date: Fri, 19 May 2017 06:03:00 -0700

Are you ready for the next cyber disaster? You may not ever be fully ready. Given the ever-increasing number and variety of threats out there, it’s hard to imagine the many ways in which you could be hit. Twenty years ago, who would have imagined 9/11 or ransomware or the sophistication of today’s social engineering techniques? But even if you can’t be fully prepared, you can avoid being totally unprepared.

There are many things that you can do to be more likely to recover from a major attack or limit how hard it hits you. Being more in touch, more aware, and more prepared are key. Given the proliferation and variety of the threats today, avoiding disaster is a big deal and limiting impact a worthy goal. What are those who deal these issues everyday trying to tell us and how can we put their insights to good use?

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

CW@50: Vint Cerf on his 'love affair' with tech and what’s coming next

Credit to Author: Sharon Gaudin| Date: Fri, 19 May 2017 03:00:00 -0700

When internet pioneer Vinton Cerf was 10, he was working on advanced math, and by the time he was 17, he was tinkering at programming at UCLA and beginning a lifelong “love affair” with computing.

Today, Cerf, known as the father of the internet, says software bugs are among the biggest dangers to enterprise IT and warns of the mounting challenges the IT community must face in what he calls the “digital dark age.”

Widely recognized for his contributions to technology, Cerf, 73, was awarded the U.S. National Medal of Technology for co-founding and developing the internet. He also was the recipient of the Presidential Medal of Freedom, the A.M. Turing Award and 29 honorary degrees.

To read this article in full or to leave a comment, please click here

Read More
IndependentSecuriteam
admin

SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow

Credit to Author: SSD / Maor Schwartz| Date: Thu, 18 May 2017 05:34:17 +0000

Vulnerability Summary The following advisory describes a Buffer Overflow vulnerability found in Bitdefender Engine PE. Bitdefender provides the Bitdefender “antimalware” engine for integration with other security vendors products. The engine is used in Bitdefender’s own products, for example in Bitdefender Internet Security 2017 and below. The antimalware engine is the core of the product, among … Continue reading SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow

Read More
IndependentKrebs
admin

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Read More