Independent

ComputerWorldIndependent

Yahoo warns users of account breaches related to recent attacks

Credit to Author: Grant Gross| Date: Wed, 15 Feb 2017 11:01:00 -0800

Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year.

The warning, in email messages sent from Yahoo CISO Bob Lord, tells users that a forged cookie may have been used to access their accounts in previous years.

The warning to Yahoo users comes at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of $250 million because of the data breaches.

ComputerWorldIndependent

Hacker breached 63 universities and government agencies

Credit to Author: Darlene Storm| Date: Wed, 15 Feb 2017 09:33:00 -0800

A “Russian-speaking and notorious financially-motivated” hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.

According to the security company Recorded Future, which has been tracking the cybercriminal’s breaches, Rasputin’s most recent victims include 63 “prominent universities and federal, state, and local U.S. government agencies.” The security firm has been following Rasputin’s activity since late 2016 when the hacker reportedly breached the U.S. Electoral Assistance Commission and then sold EAC access credentials.

ComputerWorldIndependent

JavaScript-based attack simplifies browser exploits

Credit to Author: Lucian Constantin| Date: Wed, 15 Feb 2017 10:13:00 -0800

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn’t rely on a software bug, fixing the problem is not easy.

Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.

ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.

IndependentKrebs

Who Ran Leakedsource.com?

Credit to Author: BrianKrebs| Date: Wed, 15 Feb 2017 18:03:06 +0000

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo. In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.

ComputerWorldIndependent

Researchers trick 'CEO' email scammer into giving up identity

Credit to Author: Michael Kan| Date: Wed, 15 Feb 2017 08:13:00 -0800

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.

Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.

Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting [the scammers] give us all the information about themselves,” he said.

The email scheme involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.

ComputerWorldIndependent

Doubts abound over U.S. action on cybersecurity

Credit to Author: Michael Kan| Date: Wed, 15 Feb 2017 04:02:00 -0800

How should the U.S. respond to cyberattacks? That’s been a major question at this year’s RSA security conference, following Russia’s suspected attempt to influence last year’s election.

Clearly, the government should be doing more on cybersecurity, said U.S. lawmakers and officials at the show in San Francisco, but they admit that politics and policy conflicts have hampered the government’s approach. 

“I wish the federal government could do this, but it’s very hard, unfortunately, due to partisan politics,” said Virginia Gov. Terry McAuliffe, during a speech at the show. “They haven’t been able to take the lead on this issue as they should have.”
