Independent

ComputerWorldIndependent

Microsoft fixes 55 flaws, 3 of them exploited by Russian cyberspies

Credit to Author: Lucian Constantin| Date: Tue, 09 May 2017 14:39:00 -0700

Microsoft released security patches Tuesday for 55 vulnerabilities across the company’s products, including for three flaws that are already exploited in targeted attacks by cyberespionage groups.

Fifteen of the vulnerabilities fixed in Microsoft’s patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company’s anti-malware products.

System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system.

IndependentKrebs

Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 18:14:25 +0000

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually issued an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs.

Last week, Google security researcher Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned.

ComputerWorldIndependent

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Credit to Author: Lucian Constantin| Date: Tue, 09 May 2017 11:32:00 -0700

Microsoft released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.

The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.

Ormandy announced Saturday on Twitter that he and his colleague found a “crazy bad” vulnerability in Windows and described it as “the worst Windows remote code execution in recent memory.”

ComputerWorldIndependent

Industrial robots are security weak link

Credit to Author: Sharon Gaudin| Date: Tue, 09 May 2017 03:00:00 -0700

Industrial robots used in factories and warehouses that are connected to the internet are not secure, leaving companies open to cyberattacks and costly damages.

That’s the word coming from a study conducted by global security software company Trend Micro and Polytechnic University of Milan, the largest technical university in Italy.

“The industrial robot – it’s not ready for the world it’s living in,” said Mark Nunnikhoven, vice president of cloud research at Trend Micro. “The reality is these things are being connected in more and more places. There are a lot of attacks that could happen in that environment.”

The study looked at Internet security vulnerabilities that could involve industrial robots used on manufacturing lines in areas such as the automobile and aerospace industries. The robots, which generally look like large mechanical arms, are used to move heavy objects, weld seams and fit pieces together. The machines also can be found moving and stacking crates in warehouses.

IndependentKrebs

Website Flaw Let True Health Diagnostics Users View All Medical Records

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 03:13:04 +0000

Over the past two weeks readers have pointed KrebsOnSecurity to no fewer than three different healthcare providers that failed to provide the most basic care to protect their patients’ records online. Only one of the three companies — the subject of today’s story — required users to be logged in in order to view all patient records.

A week ago I heard from Troy Mursch, an IT consultant based in Las Vegas. A big fan of proactive medical testing, Mursch said he’s been getting his various lab results reviewed annually for the past two years with the help of a company based in Frisco, Texas called True Health Diagnostics.

ComputerWorldIndependent

Local cost of a Big Mac decides ransom amount for Fatboy ransomware

Credit to Author: Darlene Storm| Date: Mon, 08 May 2017 09:33:00 -0700

Location, location, location … you’ve heard it many times before but not when it comes to a ransomware deciding a ransom amount. Fatboy, a ransomware-as-a-service, is believed to be the first ransomware that automatically adjusts the ransom amount based on a victim’s location.

Just when you think you’ve heard every conceivable ransomware demand – not just ransoms paid in bitcoins or other cryptocurrencies like Monero, or paid in iTunes or Amazon gift cards, ransomware which costs nothing for decryption as long as you infect two other people, or even ransomware that demands a high score on a shooter game before decrypting drives – now there’s a ransomware that charges victims based on the Big Mac Index.

ComputerWorldIndependent

Supply chain attack on HandBrake video converter app hits Mac users

Credit to Author: Lucian Constantin| Date: Mon, 08 May 2017 08:04:00 -0700

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBrake team said.

ComputerWorldIndependent

Patch to fix Intel-based PCs with enterprise bug rolls out this week

Credit to Author: Michael Kan| Date: Mon, 08 May 2017 04:31:00 -0700

PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, that makes them easier to hack.

Intel on Friday released a new notice urging clients to take steps to secure their systems.

The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability.

In addition, vendors including Fujitsu, HP and Lenovo have released lists showing which products are affected and when the patches will roll out. 
