Thursday, April 30, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

ComputerWorldIndependent
admin

Google pushed developers to fix security flaws in 275K Android apps

Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps.

Since 2014, Google has been scanning apps published on Google Play for known vulnerabilities as part of its App Security Improvement (ASI) program. Whenever a known security issue is found in an application, the developer receives an alert via email and through the Google Play Developer Console.

[To comment on this story, visit Computerworld’s Facebook page.]

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Trump nominee suggests IRS cybersecurity and staffing boosts

Cybersecurity and staffing upgrades at the Internal Revenue Service appear to be in store, assuming Steven Mnuchin is confirmed as Treasury Secretary in the new Trump Administration.

Mnuchin, a former CIO and executive vice president for Goldman Sachs, told senators in a five-hour confirmation hearing on Thursday that he is “very concerned about the lack of first-rate technology at the IRS” as well as staff cuts in recent years. Mnuchin is expected to be confirmed, and would likely work with Trump to pick the next IRS director.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft’s standing to sue over secret U.S. data requests in doubt

Microsoft’s lawsuit objecting to the indiscriminate use by U.S. law enforcement of orders that demand user data without the opportunity to inform the customer may run into questions about the software giant’s standing to raise the issue on behalf of its customers.

A government motion to dismiss Microsoft’s complaint comes up for oral arguments Monday and significantly the judge said on Thursday that the issue of whether Fourth Amendment rights are personal or can be “vicariously” asserted by third-parties on behalf of their customers would have to be addressed by both sides. The Fourth Amendment to the U.S. Constitution prohibits unreasonable searches and seizure of property.

To read this article in full or to leave a comment, please click here

Read More
IndependentSecuriteam
admin

Know your community – Beist (SeungJin Lee)


On our last blog post “Know your community” we interviewed Ionut Popescu from Romania. Today we had the honor to interview Beist (SeungJin Lee)! Introduction SeungJin Lee, known as Beist is a 32 years old security researcher from South Korea. Beist is the founder of GrayHash (pen-testing company) and highly regarded security research that found … Continue reading Know your community – Beist (SeungJin Lee)

Read More
IndependentSecuriteam
admin

SSD Advisory – SAP Afaria SQL Injection

Vulnerabilities Summary The following advisory describes an SQL injection vulnerabilities in the SAP Afaria Service Pack 4 HotFix 15 that can lead to execute arbitrary code. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Responses SAP Afaria has released patch to address the vulnerability – SP5 … Continue reading SSD Advisory – SAP Afaria SQL Injection

Read More
IndependentSecuriteam
admin

Know your community – Ionut Popescu


When we sponsored DefCamp Romania back in November 2016, I saw Ionut Popescu lecture “Windows shellcodes: To be continued” and thought to myself “He’s must be a key figure in the Romanian security community – I must interview him” so I did! Introduction Ionut is working as a Senior Penetration Tester for SecureWorks Romania. Speaker … Continue reading Know your community – Ionut Popescu

Read More
IndependentSecuriteam
admin

SSD Advisory – ZyXEL Enterprise Network Center and Vantage Centralized Network Management Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) and two (2) vulnerabilities found in ZyXEL Vantage Centralized Network Management (version 3.2) The three vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) are: Directory traversal and Command injection vulnerabilities leading to Remote Command Execution “ShowIcon” Servlet … Continue reading SSD Advisory – ZyXEL Enterprise Network Center and Vantage Centralized Network Management Multiple Vulnerabilities

Read More
IndependentSecuriteam
admin

SSD Advisory – dotCMS H2 Database Remote Code Execution

Vulnerabilities Summary The following advisory describes an SQL Injection in dotCMS 3.6.0 H2 Database that allows attackers to Remote Code Execution. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response We contacted the vendor back in December 2016 and they responded with: “H2 is not a … Continue reading SSD Advisory – dotCMS H2 Database Remote Code Execution

Read More