Independent

ComputerWorldIndependent

Review: vArmour flips security on its head

Credit to Author: John Breeden II| Date: Mon, 06 Mar 2017 04:45:00 -0800

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.

ComputerWorldIndependent

Would killing Bitcoin end ransomware?

Credit to Author: Ryan Francis| Date: Fri, 03 Mar 2017 12:51:00 -0800

Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.

ComputerWorldIndependent

HackerOne offers bug bounty service for free to open-source projects

Credit to Author: Lucian Constantin| Date: Fri, 03 Mar 2017 12:41:00 -0800

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

“Here at HackerOne, open source runs through our veins,” the company’s representatives said in a blog post. “Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back.”

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.

IndependentSecuriteam

SSD Advisory – MuraCMS Multiple Vulnerabilities

Credit to Author: Maor Schwartz| Date: Fri, 03 Mar 2017 16:04:16 +0000

Vulnerabilities Summary

The following advisory describes two (2) vulnerabilities found in MuraCMS version 6.2. MuraCMS is an open source content management system for CFML, created by Blue River Interactive Group. Mura has been designed to be used by marketing departments, web designers and developers. The vulnerabilities found in MuraCMS are: Unauthenticated remote arbitrary code execution …

ComputerWorldIndependent

Fileless PowerShell malware uses DNS as covert channel

Credit to Author: Lucian Constantin| Date: Fri, 03 Mar 2017 09:20:00 -0800

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.

The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.

When opened, the file masquerades as a “protected document” secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the ‘enable content’ button in order to view the document’s content, but doing so will actually execute malicious scripting embedded within.

ComputerWorldIndependent

Pence used private mail for state work as governor; account was hacked

Credit to Author: John Ribeiro| Date: Fri, 03 Mar 2017 03:06:00 -0800

U.S. Vice President Mike Pence reportedly used a private email account to transact state business when he was governor of Indiana, and his AOL account was hacked once, according to a news report.

Emails released to the Indianapolis Star following a public records request are said to show that Pence used his personal AOL account to communicate with his top advisers on issues ranging from security gates at the governor’s residence to the state’s response to terror attacks across the globe.

A hacker seems to have got access to his email account in June, and sent a fake mail to people on the former governor’s contact list, claiming that Pence and his wife had been attacked on their way back to their hotel in the Philippines, according to the report. Pence subsequently changed his AOL account.

ComputerWorldIndependent

Slack bug paved the way for a hack that can steal user access

Credit to Author: Michael Kan| Date: Thu, 02 Mar 2017 12:36:00 -0800

One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts.

Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser.

“Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email.  

PostMessage is a kind of command that can let separate browser windows communicate with each other. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.

ComputerWorldIndependent

Free decryption tools now available for Dharma ransomware

Credit to Author: Lucian Constantin| Date: Thu, 02 Mar 2017 12:24:00 -0800

Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.

Dharma first appeared in November and is based on an older ransomware program known as Crysis. It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.
