Independent

IndependentKrebs

Student Aid Tool Held Key for Tax Fraudsters

Credit to Author: Brian Krebs | Date: Tue, 21 Mar 2017 19:07:14 +0000

Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of the tool has created unexpected hurdles for many families hoping to qualify for financial aid, but the action also eliminated a key source of data that fraudsters could use to conduct tax refund fraud.

Last week, the IRS and the Department of Education said in a joint statement that they were temporarily shutting down the IRS’s Data Retrieval Tool. The service was designed to make it easier to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

ComputerWorldIndependent

Flaws in Moodle CMS put thousands of e-learning websites at risk

Credit to Author: Lucian Constantin| Date: Tue, 21 Mar 2017 10:48:00 -0700

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.

Moodle is an open source platform used by schools, universities, and other organizations to set up websites with interactive online courses. It’s used by more than 78,000 e-learning websites from 234 countries that together have more than 100 million users.

A week ago the Moodle developers released updates for the still supported branches of the platform: 3.2.2, 3.1.5, 3.0.9 and 2.7.19. The release notes mentioned that “a number of security related issues were resolved,” but didn’t provide any additional details about their nature or impact.

ComputerWorldIndependent

Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness

Credit to Author: Michael Cooney| Date: Tue, 21 Mar 2017 08:50:00 -0700

A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers.

The vulnerability — which could let an attacker cause a reload of an affected device or remotely execute code and take over a device — affects more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.

ComputerWorldIndependent

U.S. bans electronics larger than smartphones in cabins on some flights

Credit to Author: John Ribeiro| Date: Tue, 21 Mar 2017 05:02:00 -0700

The U.S. Department of Homeland Security has ordered that passengers on flights departing for the U.S. from 10 airports in the Middle East and Africa will have to carry personal electronics larger than a smartphone as checked baggage, citing increased terror threats.

Giving the approximate size of a commonly available smartphone as a guideline for passengers, the DHS said that laptops, tablets, e-readers, cameras, portable DVD players, electronic game units larger than smartphones, and travel printers or scanners were the kind of personal electronics that would not be allowed in the cabin and would have to be carried as checked baggage.

Approved medical devices may be brought into the cabin after additional screening. The size of smartphones is well understood by most passengers who fly internationally, according to the DHS, which in any case asked passengers to check with their airline if they are unsure whether their smartphone is impacted.

ComputerWorldIndependent

Mozilla beats rivals, patches Firefox's Pwn2Own bug

Credit to Author: Gregg Keizer| Date: Mon, 20 Mar 2017 17:26:00 -0700

Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.

“Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,” tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.

Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.

ComputerWorldIndependent

The ultimate guide to strategic tech partners

Credit to Author: Bob Violino| Date: Mon, 20 Mar 2017 03:38:00 -0700

The IT vendor landscape is constantly in flux, with mergers, acquisitions, new technology developments and the growth of the cloud having a huge impact on which companies might be the most strategic partners for organizations looking to enhance their technology infrastructure.

ComputerWorldIndependent

Russia will strike U.S. elections again, FBI warns

Credit to Author: Michael Kan| Date: Mon, 20 Mar 2017 13:16:00 -0700

Future U.S. elections may very well face more Russian attempts to interfere with the outcome, the FBI and the National Security Agency warned on Monday.

“They’ll be back,” said FBI director James Comey. “They’ll be back in 2020. They may be back in 2018.”

Comey made the comment during a congressional hearing on Russia’s suspected efforts to meddle with last year’s presidential election. Allegedly, cyberspies from the country hacked several high-profile Democratic groups and people, in an effort to tilt the outcome in President Donald Trump’s favor.

ComputerWorldIndependent

Pwn2Own ends with two virtual machine escapes

Credit to Author: Lucian Constantin| Date: Mon, 20 Mar 2017 12:08:00 -0700

Two teams of researchers managed to win the biggest bounties at this year’s Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Virtual machines are used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromised websites inside virtual machines to observe their behavior and contain their impact.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That’s why VM escape exploits are highly prized, more so than browser or OS exploits.
