Monday, April 27, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

IndependentSecuriteam
admin

SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation

Credit to Author: Maor Schwartz| Date: Tue, 18 Apr 2017 10:00:24 +0000

Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone, the tablet and the PC to the server and the cloud. LightDM is an X display manager that aims to be lightweight, … Continue reading SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation

Read More
IndependentSecuriteam
admin

Know your community – Yasser Ali

Credit to Author: Maor Schwartz| Date: Tue, 18 Apr 2017 08:05:29 +0000

Today we have the honor to interview Yasser Ali! “Hall of Fame” member in PayPal / Ebay / Microsoft / Sony / Facebook and more, Security Manager at BugBountyHQ ‏(Bug Bounty Platform company), Senior Security Specialist at Deloitte and well known researcher. Questions Q: How many years have you been involved in the security field, … Continue reading Know your community – Yasser Ali

Read More
ComputerWorldIndependent
admin

Experts contend Microsoft canceled Feb. updates to patch NSA exploits

Credit to Author: Gregg Keizer| Date: Tue, 18 Apr 2017 13:06:00 -0700

Microsoft delayed its February security update slate to finish patching critical flaws in Windows that a hacker gang tried to sell, several security experts have argued.

“Looks like Microsoft had been informed by ‘someone,’ and purposely delayed [February’s] Patch Tuesday to successfully deliver MS17-010,” tweeted Matt Suiche, founder of Dubai-based security firm Comae Technologies.

MS17-010, one of several security bulletins Microsoft issued in March, was just one of several cited Friday by the Redmond, Wash. developer when it said it had already patched most of the vulnerabilities exploited by just-leaked hacking tools.

Those tools — 12 different Windows exploits — had been included in a large data dump made April 14 by a hacker group dubbed Shadow Brokers, which is believed to have ties to Russia. The exploits, as well as a trove of documents, had been stolen from the National Security Agency (NSA), Shadow Brokers claimed.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

How one personal cyber insurance policy stacks up

Credit to Author: Evan Schuman| Date: Tue, 18 Apr 2017 04:00:00 -0700

As cyber insurance slowly moves from corporate to consumer coverage, some interestingly comprehensive policies have been introduced. One, introduced this month by AIG, puts a strong emphasis on services to prevent attacks rather than merely paying for them once they happen. We decided to dive into the fine print to see how much wiggle room the insurer gave itself.

The new policy, called Family CyberEdge, is designed as a supplement to existing homeowner’s insurance and will cost an extra $597 for $50,000 limits for each key area, consisting of cyber extortion, data restoration, crisis management and cyber bullying, with no deductibles beyond a flat $1,000 for data restoration. Bump the coverage limit up to $100,000 and the annual premium rises to $972, or go for the maximum coverage of $250,000 and the annual premium comes in at $1,723.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: Most of the Windows zero-day exploits have already been patched

Credit to Author: Andy Patrizio| Date: Mon, 17 Apr 2017 12:46:00 -0700

Late last week, a hacker group known as The Shadow Brokers released a trove of Windows exploits it claims to have obtained from National Security Agency’s (NSA’s) elite hacking team. The group released the tools and presentations and files claiming to detail the agency’s methods of carrying out clandestine surveillance on Windows server software dating back to Windows XP and set off a mild panic for what was otherwise a slow Friday.

There’s just one problem: Microsoft says it has already issued patches for the majority of exploits, with some of them coming out as recently last month. The MSRC team made a blog post on Friday, the same day Shadow Brokers released the exploits, pointing this out. It was a remarkably quick response.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft confirms it's patched most of the NSA's Windows exploits

Credit to Author: Gregg Keizer| Date: Mon, 17 Apr 2017 12:05:00 -0700

Microsoft on Friday said it had patched most of the Windows vulnerabilities purportedly exploited by the National Security Agency (NSA) using tools that were leaked last week.

The Windows flaws were disclosed by the hacking gang Shadow Brokers in a large data dump earlier Friday. The group has released several collections of documents about the internal operations of the NSA, and the code it allegedly has used to compromise computers and other devices worldwide.

“Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” Phillip Misner, a group manager in the Microsoft Security Response Center (MSRC), wrote in a post to a company blog.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

1,175 hotels listed in payment card breach of Holiday Inn parent company

Credit to Author: Darlene Storm| Date: Mon, 17 Apr 2017 10:11:00 -0700

You may recall commercials for Holiday Inn Express that revolved around a “Stay smart” theme, but if you stayed in Holiday Inn Express, or other InterContinental Hotels Group-branded franchise hotel late last year, then you would be really smart if you keep an eye out for unexpected charges on your credit card.

IHG finally reported the findings from an investigation into a breach of the company’s payment systems. The company has over 5,000 hotels across 100 counties, with brands such as Holiday Inn, Holiday Inn Resort, Holiday Inn Express, Crowne Plaza, Hotel Indigo, InterContinental, Kimpton, Staybridge Suites and Candlewood Suites. Hackers managed to get malware into the front desk payment system at some IHG-branded franchise hotels in the United States and Puerto Rico and made off with payment card data.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Profiling 10 types of hackers

Credit to Author: Ryan Francis| Date: Mon, 17 Apr 2017 04:00:00 -0700

Different shapes and sizes
01 hackers intro

Image by Thinkstock

Hackers, like the attacks they perpetrate, come in many forms, with motivations that range from monetary to political to ethical. Understanding the different types of hackers that exist and what motivates them can help you identify the attackers you are most susceptible to and properly defend yourself and your organization against cyberattacks. Travis Farral, director of security strategy at Anomali, outlines the top 10 types of hackers you should have on your radar.

To read this article in full or to leave a comment, please click here

Read More