ComputerWorldIndependent

Review: Consider VPN services for hotspot protection

Credit to Author: Eric Geier| Date: Thu, 30 Mar 2017 13:41:00 -0700

Virtual private networks have many uses. Typically, businesses deploy VPNs so employees can securely access the corporate network from outside the office. However, we’ve seen a rise in third-party VPN services that use the same underlying technology, the encrypted tunnel, to simply provide a secure Internet connection.

Why would you ever need to do this?

When connected to a VPN service, the websites you access think you’re at the location where the VPN server is located. This can help anonymize your Internet traffic so it’s much harder for websites to track your personal browsing history.

This also allows you to access websites, services, and content that’s restricted where you are currently located, such as Netflix or Hulu when traveling overseas.

Senator: Russia used 'thousands' of internet trolls during U.S. election

Credit to Author: Grant Gross| Date: Thu, 30 Mar 2017 13:13:00 -0700

The Russian government used “thousands” of internet trolls and bots to spread fake news, in addition to hacking into political campaigns leading up to the 2016 U.S. election, according to one lawmaker.

Disinformation spread on social media was designed to raise doubts about the U.S. election and the campaign of Democratic presidential candidate Hillary Clinton, said Senator Mark Warner, a Virginia Democrat.

“This Russian propaganda on steroids was designed to poison the national conversation in America,” Warner said Thursday during a Senate hearing on Russian election hacking. The Russian government used “thousands of paid internet trolls” and bots to spread disinformation on social media.

Google patches Chrome bug from fizzled Pwn2Own hack

Credit to Author: Gregg Keizer| Date: Thu, 30 Mar 2017 12:03:00 -0700

Google yesterday updated Chrome to patch several vulnerabilities, including a bug in the browser’s JavaScript engine that a Chinese team tried to exploit at a recent hacking contest.

The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked “Critical” — the most serious rating in Google’s system — and the others tagged “High.”

Of the four vulnerabilities ranked High, one was attributed to “Team Sniper,” one of five groups from Chinese company Tencent Security that participated in this year’s edition of Pwn2Own, one of the world’s best-known hacking contests. Pwn2Own ran March 15-17 alongside the CanSecWest conference in Vancouver, British Columbia.

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 08:11:00 -0700

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that’s no longer supported but still widely used.

The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003.

Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.

Three privacy tools that block your Internet provider from tracking you

Credit to Author: Ian Paul| Date: Wed, 29 Mar 2017 08:04:00 -0700

It’s official: Congress has sold you out to Internet service providers, passing a bill that dismantles Internet privacy rules and allows ISPs to sell your web history and other personal information without your permission. Assuming President Trump signs the bill into law, it means anyone concerned about privacy will have to protect themselves against overzealous data collection from their ISP.

Some privacy-conscious folks are already doing that—but many aren’t. If you want to keep your ISP from looking over your shoulder for data to sell to advertisers, here are three relatively simple actions you can take to get started.

Open-source developers targeted in sophisticated malware attack

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 04:30:00 -0700

For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.

The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs.

The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.

VMware patches critical virtual machine escape flaws

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 03:53:00 -0700

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

Trump extends Obama executive order on cyberattacks

Credit to Author: Martyn Williams| Date: Thu, 30 Mar 2017 03:24:00 -0700

President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.

Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening saying he plans to keep the order active.

“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” Trump wrote in the letter. “Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”
