RSS Reader for Computer Security Articles
Credit to Author: Maor Schwartz| Date: Wed, 05 Apr 2017 07:22:14 +0000
One of the first names I knew of when I entered into the security field was Stefan Esser (@i0n1c). The guy that dropped 10 0-days in 2013 during SyScan, Founder of SektionEins GmbH, CEO of Antid0te UG, Speaker in all major security conferences and today’s one of the most talented security researchers. I had the … Continue reading Know your community – Stefan Esser
Read More
Credit to Author: Lucian Constantin| Date: Wed, 05 Apr 2017 10:59:00 -0700
A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system’s entire memory.
This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers’ virtualized servers share the same underlying hardware.
The open-source Xen hypervisor is used by cloud computing providers and virtual private server hosting companies, as well as by security-oriented operating systems like Qubes OS.
The new vulnerability affects Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It was unintentionally introduced in December 2012 as part of a fix for a different issue.
To read this article in full or to leave a comment, please click here
Credit to Author: Darlene Storm| Date: Wed, 05 Apr 2017 09:22:00 -0700
Microsoft has been under fire for its privacy practices since Windows 10 launched in July 2015, so the company finally caved to the pressure to be more transparent and revealed the type of diagnostic data it collects.
According to Microsoft, “One of our most important improvements in the Creators Update is a set of privacy enhancements that will be mostly behind the scenes.” Today Microsoft listed three new things about your privacy with Windows 10 after upgrading to the Creators Update. It clarified descriptions about privacy settings, updated its privacy statement and, best of all, it coughed up more information about the data Windows 10 collects from you.
To read this article in full or to leave a comment, please click here
Credit to Author: Eric Geier| Date: Mon, 03 Apr 2017 17:51:00 -0700
With nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware is so difficult.
You can remove many ransomware viruses without losing your files, but with some variants that isn’t the case. In the past I’ve discussed general steps for removing malware and viruses, but you need to apply some specific tips and tricks for ransomware. The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.
To read this article in full or to leave a comment, please click here
In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild sits down with Sanjay Raja from Lumeta, a network and performance monitoring company. The two discuss how CSOs and CISOs can get a handle on the explosion of new devices entering the network and how to make sure those devices are secured.
Credit to Author: John Ribeiro| Date: Wed, 05 Apr 2017 04:12:00 -0700
Facebook’s appeal against 381 warrants for information from the accounts of its users was rejected by a court in New York on the grounds that earlier orders refusing to quash the warrants issued in a criminal proceeding could not be appealed.
The decision by the New York State Court of Appeals did not address key issues of whether the broad searches were unconstitutional, and whether internet service providers like Facebook have standing to challenge such warrants on behalf of their users, particularly when they are served with gag orders that prevent providers from informing subscribers about the warrants.
“This case undoubtedly implicates novel and important substantive issues regarding the constitutional rights of privacy and freedom from unreasonable search and seizure, and the parameters of a federal statute establishing methods by which the government may obtain certain types of information,” wrote Judge Leslie E. Stein, writing for the majority.
To read this article in full or to leave a comment, please click here
Credit to Author: BrianKrebs| Date: Tue, 04 Apr 2017 18:41:33 +0000
“He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks’ crimes.” The above snippet is the subhead of a story published last month by the Daily Beast titled “FBI Arrests Hacker Who Hacked No One.” The subject of that piece — a 26-year-old American named Taylor Huddleston — faces felony hacking charges connected to two computer programs he authored and sold: An anti-piracy product called Net Seal, and a Remote Administration Tool (RAT) called NanoCore that he says was a benign program designed to help users remotely administer their computers. The author of the Daily Beast story, former black hat hacker and Wired.com editor Kevin Poulsen, argues that Huddelston’s case “raises a novel question: When is a programmer criminally responsible for the actions of his users? Some experts say [the case] could have far reaching implications for developers, particularly those working on new technologies that criminals might adopt in unforeseeable ways.” But a closer look at the government’s side of the story — as well as public postings left behind by the accused and his alleged accomplices — paints a more complex and nuanced picture that suggests this may not be the case to raise that legal question in a meaningful way.
Read More
Credit to Author: Michael Kan| Date: Tue, 04 Apr 2017 14:52:00 -0700
Companies that choose to outsource their IT operations should be careful. Suspected Chinese hackers have been hitting businesses by breaching their third-party IT service providers.
Major IT suppliers that specialize in cloud storage, help desk, and application management have become a top target for the hacking group known as APT10, security providers BAE Systems and PwC said in a joint report.
That’s because these suppliers often have direct access to their client’s networks. APT10 has been found stealing intellectual property as part of a global cyberespionage campaign that ramped up last year, PwC said on Monday.
To read this article in full or to leave a comment, please click here