RSS Reader for Computer Security Articles
Credit to Author: Ed Cabrera (Chief Cybersecurity Officer)| Date: Tue, 13 Jun 2017 12:00:32 +0000
As we predicted in 2016, cyberpropaganda is a major growth area for cybercriminals. Per that prediction, “The rise in the Internet penetration has opened the opportunity for invested parties to use the Internet as a free-for-all tool to influence public opinion to go one way or another.” Today, we know this through Wikileaks and self-proclaimed…
Credit to Author: Trend Micro| Date: Mon, 12 Jun 2017 23:10:22 +0000
While it sounds similar to Business Email Compromise, Business Process Compromise is an entirely new beast.
Credit to Author: Trend Micro| Date: Mon, 12 Jun 2017 20:26:16 +0000
How are cybercriminals able to flip the board on the security measures consumers as well as businesses utilize to safeguard their most important data and content?
Credit to Author: Gregg Keizer| Date: Mon, 12 Jun 2017 12:57:00 -0700
A month ago, Microsoft took the unprecedented step of issuing security patches for Windows XP, an edition supposedly interred in Support Cemetery more than three years ago.
The decision to help aged personal computers running Windows XP — as well as also-retired Windows 8 and Windows Server 2003 — was intended to slow the spread of the “WannaCry” ransomware, which encrypted files on hundreds of thousands of PCs worldwide. The cyber criminals than tried to extort payments from the machines’ owners in return for unlocking the files.
To read this article in full or to leave a comment, please click here
Credit to Author: Steven J. Vaughan-Nichols| Date: Mon, 12 Jun 2017 11:19:00 -0700
Because Windows doesn’t make much money for Microsoft these days, the company decided, beginning in Windows 10, that snooping on users à la Google and Facebook could be profitable. But one country said enough was enough. It would stand up for its users’ “privacy.” That country? The People’s Republic of China.
Cough. Didn’t see that one coming, did you?
To read this article in full or to leave a comment, please click here
Credit to Author: Malwarebytes Labs| Date: Mon, 12 Jun 2017 16:58:27 +0000
 | |
| A compilation of notable security news and blog posts from the 5th of June to the 11th. We touched on topics like HTTPS, a nasty adware, LatentBot, and other fighters against tech support scams. Categories: Tags: cybersecurityexploit kitfireballmalwarePieter ArntzrecapsecuritySocial Engineeringweekly blog roundup |
The post A week in security (Jun 05 – Jun 11) appeared first on Malwarebytes Labs.
Read More
Credit to Author: Jack Gold| Date: Mon, 12 Jun 2017 09:15:00 -0700
Endpoint security is changing dramatically. It’s becoming clear that simply doing anti-malware the way it’s always been done with an add-on software program that scans for threats through signature comparisons as files are opened is not enough. The two major traditional AV companies, Symantec and McAfee, who championed this approach for many years, now have competition from next generation players like Cylance, who use predictive machine learning and AI approaches to evaluating and discovering new malware not easily detected through signature-only approaches. And processor suppliers like Intel, ARM, Qualcomm, etc. are getting into the act, designing-in trusted segments of their chips intended to become impenetrable vaults for protected execution of critical parts of the OS and apps. With newer sophisticated malware attacks, security must move beyond an outdated add-on only approach and into a multilayered approach that includes hardware, OS, layered software and network awareness.
To read this article in full or to leave a comment, please click here
Credit to Author: Sandra Henry-Stocker| Date: Mon, 05 Jun 2017 11:13:00 -0700
In the last few years, we’ve been seeing some significant changes in the suggestions that security experts are making for password security. While previous guidance increasingly pushed complexity in terms of password length, the mix of characters used, controls over password reuse, and forced periodic changes, specialists have been questioning whether making passwords complex wasn’t actually working against security concerns rather than promoting them.
Security specialists have also argued that forcing complexity down users’ throats has led to them writing passwords down or forgetting them and having to get them reset. They argued that replacing a password character with a digit or an uppercase character might make a password look complicated, but does not actually make it any less vulnerable to compromise. In fact, when users are forced to include a variety of characters in their passwords, they generally do so in very predictable ways. Instead of “password”, they might use “Passw0rd” or even “P4ssw0rd!”, but the variations don’t make the passwords significantly less guessable. People are just not very good at generating anything that’s truly random.
To read this article in full or to leave a comment, please click here