Kenneth White – Computer Security Articles

Patch Tuesday, January 2020 Edition

January 14, 2020 admin cve-2020-0601, johns hopkins university, Kenneth White, matthew green, MongoDB, Qualys, Time to Patch, Windows 10

Credit to Author: BrianKrebs| Date: Wed, 15 Jan 2020 02:31:50 +0000

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

Independent Krebs

Avast, NordVPN Breaches Tied to Phantom User Accounts

October 21, 2019 admin avast breach, data breaches, filehippo, jaya baloo, Kenneth White, nordvpn breach, Open Crypto Audit Project, secunia personal software inspector, supply chain attack, Techcrunch, zack whittaker

Credit to Author: BrianKrebs| Date: Tue, 22 Oct 2019 00:32:57 +0000

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

Independent Krebs

15-Year-old Finds Flaw in Ledger Crypto Wallet

March 21, 2018 admin Charles Guillemet, cryptocurrency hardware wallet, Kenneth White, Latest Warnings, ledger, Nano-S, Open Crypto Audit Project, Saleem Rashid, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 20 Mar 2018 17:19:11 +0000

A 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Hardware wallets like those sold by Ledger are designed to protect the user’s private keys from malicious software that might try to harvest those credentials from the user’s computer. The devices enable transactions via a connection to a USB port on the user’s computer, but they don’t reveal the private key to the PC. Yet Saleem Rashid, a 15-year-old security researcher from the United Kingdom, discovered a way to acquire the private keys from the Ledger devices. Rashid’s method requires an attacker to have physical access to the device, and normally such attacks would fall under the #1 rule of security — namely, if an attacker has physical access to your device it is not your device anymore.

Independent Krebs

Chase ‘Glitch’ Exposed Customer Accounts

February 22, 2018 admin A Little Sunshine, account mix up, Chase.com, Fly & Dine, Kenneth White, Open Crypto Audit Project, Trish Weller

Credit to Author: BrianKrebs| Date: Fri, 23 Feb 2018 00:35:30 +0000

Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by a two an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber attack.