Monday, April 27, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

ComputerWorldIndependent
admin

UEFI flaws can be exploited to install highly persistent ransomware

Credit to Author: Lucian Constantin| Date: Mon, 03 Apr 2017 11:31:00 -0700

Over the past few years, the world has seen ransomware threats advance from living inside browsers to operating systems, to the bootloader, and now to the low-level firmware that powers a computer’s hardware components.

Earlier this year, a team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard’s Unified Extensible Firmware Interface (UEFI) — the modern BIOS.

On Friday, at the Black Hat Asia security conference, the team revealed how they did it: By exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Project launches to find out if there is truly a link between cybercrime and autism

Credit to Author: Darlene Storm| Date: Mon, 03 Apr 2017 08:57:00 -0700

Is there really a link between autism and cybercrime? A project launched today intends to find out.

When President Donald Trump proclaimed April 2 to be World Autism Awareness Day – actually it was the ninth annual such day – he cited CDC estimations that “Autism spectrum disorders affect an estimated one out of every 68 children in America.”

It seems Hollywood is trying to show how common autism is; Billy, the blue ranger, in Power Rangers, and Sesame Street’s Muppet Julia are recent characters with autism spectrum disorder which are not portrayed as Rain Man-like savants.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

WikiLeaks’ Assange gets relief from left victory in Ecuador

Credit to Author: John Ribeiro| Date: Mon, 03 Apr 2017 04:18:00 -0700

The win in Ecuador’s presidential elections of leftist government candidate Lenin Moreno will likely provide relief to WikiLeaks’ founder Julian Assange, who had been threatened with eviction from the country’s embassy in London by the opposition candidate.

The election in the South American country had aroused interest in part because the conservative opposition candidate, Guillermo Lasso, had said that if elected he would evict Assange within 30 days of assuming power, because it was costing the country too much to keep him at the embassy.

The embassy is being constantly monitored by U.K. police ever since Assange slipped into it in 2012 and was granted asylum by the Ecuador government. Police say they will arrest Assange if he comes out of the embassy to meet an extradition request from Sweden in connection with an investigation into a sexual assault. Assange supporters are concerned that he may be moved from Sweden to the U.S. to face charges in connection with several leaks of confidential U.S. government information.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Taming the SaaS security wilderness

Credit to Author: Mathias Thurman| Date: Mon, 03 Apr 2017 04:04:00 -0700

The security risk that I am most focused on right now is this: Shadow IT and the consumerization of IT have put too many employee work activities out of sight of the security department.

Employees at my company now use more than 90 cloud-based apps that I know of. Most of these are categorized as software as a service (SaaS). Many are corporate-sanctioned, meaning the business unit or IT went through a selection process to identify and procure an application, and my department was at least consulted. This list includes applications such as ADP for payroll, Salesforce, Workday, Oracle, WebEx, Google Docs, Microsoft Office 365 and SAP.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: Neiman Marcus data breach settlement tells us plenty about the ROI of security

Credit to Author: Evan Schuman| Date: Mon, 03 Apr 2017 04:00:00 -0700

There is a security ROI dance in retail today. Executives know that they can skimp on security and have a statistically decent chance the company won’t get caught by a cyberthief before someone else has their job. The only way that security has a chance of achieving a reasonable ROI is if the pain that results from a breach is massive. It rarely is, as the recent data breach settlement from Neiman Marcus illustrates only too well.

Back in January 2014, Neiman Marcus announced a data breach, even though it had known about it for roughly a month. The chain initially reported that the attack — which happened in 2013, between July 16 and Oct. 30 — impacted 1.1 million customers, a number that the retailer later reduced to 370,385. About 9,200 shoppers experienced actual fraud.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

As March Madness wraps up tonight, security tech is ready

Credit to Author: Matt Hamblen| Date: Fri, 31 Mar 2017 13:06:00 -0700

At this weekend’s Final Four college basketball tournament, sophisticated technology is in place to help public safety officials monitor crowds, vehicles, social networks and unauthorized drones from a command center at an undisclosed location in downtown Phoenix.

An array of thousands of cameras and other sensors are already in place across public venues and roadways in the Phoenix area. The games will take take place Saturday night and Monday night at the University of Phoenix Stadium in suburban Glendale, Ariz., nine miles from downtown.

In the stadium alone, more than 700 video cameras are likely to be used to monitor vendors and crowds. Thousands more video cameras and motions sensors are ready to watch vehicles on highways and crowds at 20 Final Four special events, at the four hotels where college teams are lodging and in parking areas.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

All they needed was a little motivation

Credit to Author: Sharky| Date: Mon, 03 Apr 2017 03:00:00 -0700

This hospital’s email admins have implemented spam alerts — but they don’t want false-positives to wait for a daily quarantine message, reports a pilot fish on the scene.

“They decided to send a ‘you have potential spam’ email each time a piece of potential spam arrived,” grumbles fish.

“So our users, instead of the constant flow of spam, received a constant flow of you-may-have-spam alerts, which required them to open their quarantine and deal with it. Needless to say, this actually took more time than if the spam was just allowed in.

“One guy I worked with called the admins and explained that this policy wasn’t very good — and was met with ‘Well, we feel it is and we’re not changing it.’

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Triple your privacy with a Chromebook and two VPNs

Credit to Author: Michael Horowitz| Date: Fri, 31 Mar 2017 15:27:00 -0700

Now that Republicans in Congress have sold us out, everyone is writing about technical ways to prevent your Internet Service Provider (ISP) from watching your on-line activity. The FBI and the British Government complain about bad guys going dark, but now the rest of us have to do so too, if we want any shred of privacy.

The generic, knee-jerk reaction is to use either a VPN or Tor. Both offer encryption that stealths you to your ISP. I wrote about them back in September (A Defensive Computing term paper on privacy: VPNs, Tor and VPN routers) but here I’m taking things a bit further. 

To read this article in full or to leave a comment, please click here

Read More