Independent – Page 394 – Computer Security Articles

Credit to Author: Michael Kan| Date: Thu, 20 Apr 2017 13:57:00 -0700

Users that run unpatched software beware. Hackers have been relying on an old software bug tied to the Stuxnet worm to carry out their attacks.

Microsoft may have initially patched the flaw in 2010, but it’s nevertheless become the most widespread software exploit, according to security firm Kaspersky Lab.

On Thursday, Kaspersky posted research examining the use of exploits, or malicious programs designed to take advantage of certain software flaws. Once an exploit goes to work, it can typically pave the way for other malicious programs to install onto a computer.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

April 20, 2017 admin

Developer lifts Windows 7's update blockade with unsanctioned patch

Credit to Author: Gregg Keizer| Date: Thu, 20 Apr 2017 13:28:00 -0700

An anonymous developer has published a patch that negates Microsoft’s barring of security updates from Windows 7 and 8.1 PCs equipped with the very newest processors.

The developer, identified as “Zeffy,” posted the patch and accompanying documentation on GitHub, the code repository.

“I was inspired to look into these new rollup updates that Microsoft released on March 16 [after reading about the processor-related blocking of Windows Update],” wrote Zeffy. “[That was] essentially a giant middle finger to anyone who dare not ‘upgrade’ to the steaming pile of garbage known as Windows 10.”

To read this article in full or to leave a comment, please click here

Independent Securiteam

April 20, 2017 admin

Security conferences – Survival guide 2017 Q3

Credit to Author: Maor Schwartz| Date: Thu, 20 Apr 2017 07:10:46 +0000

The security conferences “Survival guide” for 2017 Q3 is here! We have gathered the following information for you for each conference: Dates Place Link to official conference website Ticket price Lectures Workshops So let’s get started: Security conferences – Survival guide part 3 Camp++ Dates: 6 – 9 July 2017 Place: Fort Monostor, Komárom, Hungary … Continue reading Security conferences – Survival guide 2017 Q3

Independent Securiteam

April 19, 2017 admin

SSD Advisory – Linksys PPPoE Multiple Vulnerabilities

Credit to Author: Maor Schwartz| Date: Wed, 19 Apr 2017 13:52:33 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Linksys EA, XAC and AC series devices. The vulnerabilities has been found in the way the Linksys devices (EA, XAC and AC series) handle the Point-to-point protocol over Ethernet (PPPoE) Discovery (PPPoED) process allowing an unprivileged active attacker on the same network segment (layer2) … Continue reading SSD Advisory – Linksys PPPoE Multiple Vulnerabilities

Independent Krebs

April 19, 2017 admin

Tracing Spam: Diet Pills from Beltway Bandits

Credit to Author: BrianKrebs| Date: Wed, 19 Apr 2017 18:56:10 +0000

Reading junk spam messages isn’t exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here’s the simple story of how a recent spam email advertising celebrity “diet pills” was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities.

ComputerWorld Independent

April 19, 2017 admin

DHS's ICS-CERT warns of BrickerBot: IoT malware that will brick vulnerable devices

Credit to Author: Darlene Storm| Date: Wed, 19 Apr 2017 08:21:00 -0700

Since the emergence of Mirai, you may have wondered if your IoT device has ever been infected with malware; you even may have rebooted the device which would remove the infection. But if your IoT device becomes infected with BrickerBot, you will know because the malware will “brick” it. Just the same, some people will believe the hardware failed.

Radware security researchers previously said BrickerBot malware was responsible for permanent denial of service attacks (PDoS) that would “destroy” the infected devices. PDoS, also known as “phlashing,” is “an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, this type of cyberattack can destroy the firmware and/or basic functions of system.”

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

April 19, 2017 admin

DHS' ICS-CERT warns of BrickerBot: IoT malware that will brick vulnerable devices

Credit to Author: Darlene Storm| Date: Wed, 19 Apr 2017 08:21:00 -0700

To read this article in full or to leave a comment, please click here

Independent Krebs

April 18, 2017 admin

InterContinental Hotel Chain Breach Expands

Credit to Author: BrianKrebs| Date: Wed, 19 Apr 2017 01:35:39 +0000

In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across a large number of the 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.