Independent

ComputerWorldIndependent

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Credit to Author: Lucian Constantin| Date: Thu, 09 Mar 2017 04:19:00 -0800

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Apache Struts is an open-source web development framework for Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media.

On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework’s Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites, which was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.

ComputerWorldIndependent

Why email is safer in Office 365 than on your Exchange server

Credit to Author: Mary Branscombe| Date: Thu, 09 Mar 2017 04:11:00 -0800

Running your own email servers doesn’t do anything to differentiate your business from the competition (except in a bad way, if you get hacked). But avoiding the effort of managing and monitoring your own mail server isn’t the only advantage of a cloud service. The scale of a cloud mail provider like Office 365 means that malware and phishing attacks are easier to spot — and the protections extend beyond your inbox.

ComputerWorldIndependent

WikiLeaks looks at helping tech vendors disarm CIA hacking tools

Credit to Author: Michael Kan| Date: Thu, 09 Mar 2017 03:57:00 -0800

WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.

That’s because WikiLeaks has published secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs.

Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited. However, WikiLeaks might be able to speed up and expand the whole process.

ComputerWorldIndependent

Security holes in Confide messaging app exposed user details

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 12:51:00 -0800

Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.

Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.

But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.

The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on users’ phone numbers and email addresses.

ComputerWorldIndependent

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Credit to Author: Lucian Constantin| Date: Wed, 08 Mar 2017 12:40:00 -0800

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of the CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world, based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.

IndependentKrebs

WikiLeaks Dumps Docs on CIA’s Hacking Tools

Credit to Author: BrianKrebs| Date: Wed, 08 Mar 2017 18:39:11 +0000

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far.

ComputerWorldIndependent

CIA hacking tools targeting Windows

Credit to Author: Darlene Storm| Date: Wed, 08 Mar 2017 08:22:00 -0800

By releasing information about CIA hacking tools, WikiLeaks has given a new meaning to March Madness.

The CIA’s project Fine Dining is intriguing, since it outlines DLL hijacks for Sandisk Secure, Skype, Notepad++, Sophos, Kaspersky, McAfee, Chrome, Opera, Thunderbird, LibreOffice, and some games such as 2048, which the CIA writer “got a good lol out of.” Yet I was curious about what the CIA does to targeted machines running Windows since so many people use the OS.

Nearly everything dealing with the CIA hacking arsenal and Windows is labeled as “secret.” Nicholas Weaver, a computer scientist at the University of California at Berkeley, told NPR that the Vault 7 release is not all that big of a deal and that it is not too surprising the agency hacks. Yet if “Year Zero” was obtained by a non-government hacker compromising the CIA’s system, then that would be a big deal.

ComputerWorldIndependent

IDG Contributor Network: Why the Samsung TV spying hack is way overblown

Credit to Author: John Brandon| Date: Wed, 08 Mar 2017 07:25:00 -0800

Major media has some egg on their face over this one.

Drawn to the attention-grabbing idea of your Samsung TV being compromised by the CIA, and knowing a lot of people have a Samsung TV, the headlines went something like this.

WikiLeaks says CIA hacked Samsung smart TVs

Why your smart TV is the perfect way to spy on you

None of these reports bothered to explain any of the details.

As noted in Wired and in this Forbes report, the CIA cannot spy on you over wireless. To update a Samsung TV, they’d need to use a USB key to install a firmware update. Also, the televisions are older models from 2013. To record any conversations or video, the CIA would then have to copy files back onto the USB drive.
