Independent

ComputerWorld | Independent

Email, email, in the cloud

Credit to Author: Mathias Thurman | Date: Mon, 08 May 2017 03:45:00 -0700

As my company continues to move enterprise applications to the cloud, the latest development presents a security opportunity. We are giving up our on-premises Microsoft Exchange email in favor of the Microsoft Office 365 service. With the transition, we might be able to curtail the common employee practice of communicating and storing sensitive business-related data in email.

I am encouraging the IT organization to tighten security by implementing controls that were either not available in our on-premises deployment or never implemented. The first order of business is a cleanup of accounts and distribution lists. We have hundreds of email-enabled distribution lists, and too many of them are available to the world. We should be able to cut down the number of lists and set rules about who can use them.

Independent | Securiteam

SSD Advisory – TerraMaster Operating System (TOS) File Disclosure

Credit to Author: SSD / Maor Schwartz | Date: Sun, 07 May 2017 00:33:00 +0000

Vulnerability Summary: The following advisory describes a File Disclosure vulnerability found in TerraMaster Operating System (TOS) version 3. TOS is a Linux-based operating system developed for TerraMaster cloud storage NAS servers. TOS 3 is the newly launched third generation of the operating system. Credit: An independent security researcher has reported this vulnerability to …

ComputerWorld | Independent

Cyberspies tap free tools to build powerful malware framework

Credit to Author: Lucian Constantin | Date: Fri, 05 May 2017 07:54:00 -0700

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don’t necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack’s efficiency and make it harder for security vendors to detect it and link it to a particular threat actor.

ComputerWorld | Independent

Google Docs phishing scam underscores OAuth security risks

Credit to Author: Michael Kan | Date: Thu, 04 May 2017 16:20:00 -0700

Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.

One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks.

“It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security.

The phishing scheme — which may have circulated to 1 million Gmail users — is particularly effective because it fooled users with a dummy app that looked like Google Docs.

Independent | Securiteam

Know your community – @unixfreaxjp, founder and team leader of MalwareMustDie

Credit to Author: Maor Schwartz | Date: Thu, 04 May 2017 08:56:45 +0000

Every once in a while you hear on the news that cyber criminals were arrested. Today I have the honor to interview the man who put them behind bars! Please meet @unixfreaxjp, founder and team leader of MalwareMustDie, NPO (malwaremustdie.org) and Kendo master (3rd Dan). Disclaimer: A lot of criminals are looking for him, so …

Independent | Securiteam

SSD Advisory – WordPress Unauthorized Password Reset

Credit to Author: Maor Schwartz | Date: Wed, 03 May 2017 13:09:31 +0000

Vulnerability Summary: The following advisory describes an Unauthorized Password Reset vulnerability found in WordPress version 4.3.1. WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and …

ComputerWorld | Independent

Microsoft asks Windows 10 Enterprise customers to test new anti-exploit tech

Credit to Author: Gregg Keizer | Date: Thu, 04 May 2017 12:58:00 -0700

Microsoft today asked enterprise customers to test a new anti-malware, anti-exploit technology in Windows 10’s baked-in browser.

Windows 10’s latest preview, tagged as build 16188 and released Thursday, includes Windows Defender Application Guard, a virtualization-based feature that isolates the contents of a tab in Edge, the OS’s default browser, from the rest of the system.

While Application Guard was announced in September, and went through limited testing in the months since, today marked its first appearance to all Insiders running Windows 10 Enterprise. Users must manually toggle on Application Guard from a setting dialog, then open a tab within Edge by selecting “New Application Guard Window” from the browser’s menu.

ComputerWorld | Independent

Cybercrime group abuses Windows app compatibility feature

Credit to Author: Lucian Constantin | Date: Thu, 04 May 2017 12:00:00 -0700

When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn’t intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.

The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.

Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.
