Independent – Page 93 – Computer Security Articles

Credit to Author: JR Raphael| Date: Wed, 26 Feb 2020 03:00:00 -0800

There are important accounts to secure, and then there are important accounts to secure. Your Google account falls into that second category, maybe even with a couple of asterisks and some neon orange highlighting added in for good measure.

I mean, really: When you stop and think about how much stuff is associated with that single sign-in — your email, your documents, your photos, your files, your search history, maybe even your contacts, text messages, and location history, if you use Android — saying it’s a “sensitive account” seems like an understatement. Whether you’re using Google for business, personal purposes, or some combination of the two, you want to do everything you possibly can to keep all of that information locked down and completely under your control.

To read this article in full, please click here

ComputerWorld Independent

February 26, 2020 admin

How to fight scripting attacks

Most phishing campaigns use links to malicious scripts that infect users’ devices. Here’s how to spot and prevent them from doing damage.

ComputerWorld Independent

February 25, 2020 admin

Top secret

Credit to Author: Sharky| Date: Tue, 25 Feb 2020 03:00:00 -0800

It’s back when 5-inch floppy disks roamed the Earth, and a customer service tech sends a software update to a customer known to be a bit more than a little computer-challenged, says a pilot fish in the know. This involves physically mailing a stack of disks to the customer, along with a note saying to call the tech when she’s ready to install the update.

When the call comes, the tech is prepared to walk her through the installation step by step. After getting the computer booted up and verifying that the user has located disk No. 1, the tech says, “Insert the floppy disk into the disk drive, with the label facing up.”

Customer: “Done.”

Tech: “Type ‘A,’ and press the Enter key.”

To read this article in full, please click here

Independent Krebs

February 24, 2020 admin

Zyxel Fixes 0day in Network Storage Devices

Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

ComputerWorld Independent

February 24, 2020 admin

Why every user needs a smart speaker security policy

Credit to Author: Jonny Evans| Date: Mon, 24 Feb 2020 06:06:00 -0800

Does your voice assistant wake up randomly when you are engaged in normal conversation, listening to radio, or watching TV? You’re not alone, and this may have serious implications in enterprise security policy.

All things being equal (they’re not)

“Anyone who has used voice assistants knows that they accidentally wake up and record when the ‘wake word’ isn’t spoken – for example, ‘seriously’ sounds like the wake word ‘Siri’ and often causes Apple’s Siri-enabled devices to start listening,” the Smart Speakers research study says.

To read this article in full, please click here

ComputerWorld Independent

February 21, 2020 admin

Apple joins industry effort to eliminate passwords

Credit to Author: Lucas Mearian| Date: Fri, 21 Feb 2020 03:00:00 -0800

In a somewhat unusual move for Apple, the company has joined the Fast IDentity Online (FIDO) Alliance, an authentication standards group dedicated to replacing passwords with another, faster and more secure method for logging into online services and apps.

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. “Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

To read this article in full, please click here

ComputerWorld Independent

February 20, 2020 admin

The mess behind Microsoft’s yanked UEFI patch KB 4524244

Credit to Author: Woody Leonhard| Date: Thu, 20 Feb 2020 06:23:00 -0800

Remember the warning about watching how sausage is made? This is an electronic sausage-making story with lots of dirty little bits.

First, the chronology. On February’s Patch Tuesday, Microsoft released a bizarre standalone security patch, KB 4524244, which was then called “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: Feb. 11, 2020.” The name has changed, but bear with me.

The original problems with KB 4524244

That patch had all sorts of weird hallmarks as I discussed at the time:

To read this article in full, please click here

Independent Krebs

February 19, 2020 admin

Hackers Were Inside Citrix for Five Months

Credit to Author: BrianKrebs| Date: Wed, 19 Feb 2020 15:55:04 +0000

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.