Saturday, May 9, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Security

ComputerWorldIndependent
admin

The Internet of messy things

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 03 May 2017 04:00:00 -0700

In the beginning, devices on the internet were fun. My favorite was the Carnegie-Mellon’s Computer Science Department Coke Machine. Starting in the 1970s, you could “ping” it to see if it had sodas ready and if they were cold yet. It was good, silly fun. Now everything except the cat* is hooked to the internet, and that’s not so funny at all.

Oh, sure, some internet of things (IoT) devices are enjoyable and useful. I have an Amazon Echo in my bedroom and a Google Home in my kitchen. I use them every day. But I’m aware of their privacy problems. You should be too.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: Using defense-in-depth to prevent self-inflicted cybersecurity wounds

Credit to Author: Robert C. Covington| Date: Tue, 02 May 2017 07:32:00 -0700

This past week, I encountered an all too common situation — a user gets a targeted phishing attempt. Despite a strong training program, the user opens the attachment and gets infected with ransomware.

For many organizations, this would have resulted in a disaster. Ransomware would have encrypted files on any servers, and the organization would have been forced to either restore the files from a backup, assuming they had them, or to hold their nose and pay a ransom. 

The news was better, however, for the organization I mentioned above.

Fortunately, the premise of their security planning was that someone would eventually shoot them in the foot. With a security plan that assumed this, they had a depth of layered controls to help. While their anti-virus software did not prevent the infection, it did recognize and send an alert about it, after the fact. In the meantime, their web filtering appliances and their DNS service provider, recognizing the call from the infected PC to a command and control server to get an encryption key, blocked access. Since the ransomware client never got the key, it did not encrypt any files. The blocking of command and control access provided the extra time needed to get the PC pulled out of service and repaired. 

To read this article in full or to leave a comment, please click here

Read More
MalwareBytesSecurity
admin

An Infosec Spring clean

Credit to Author: Christopher Boyd| Date: Tue, 02 May 2017 15:00:56 +0000

Spring has indeed sprung, but it’s never too late to have a wander through your security settings and features. Unfortunately, we have so many accounts these days that it’s hard to keep track of them all, but this round-up may help you on your way.

Categories:

Tags:

(Read more…)

The post An Infosec Spring clean appeared first on Malwarebytes Labs.

Read More
ComputerWorldIndependent
admin

Vulnerability hits Intel enterprise PCs going back 10 years

Credit to Author: Michael Kan| Date: Tue, 02 May 2017 03:34:00 -0700

Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade.

The vulnerability, disclosed on Monday, affects features in Intel firmware that are designed for enterprise IT management.  

Enterprises using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability on their systems should patch them as soon as possible, the company says.

The vulnerable firmware features can be found in some current Core processors and all the way back to Intel’s first-generation Core, called Nehalem, which shipped in 2008. They’re part of versions 6.0 through 11.6 of Intel’s manageability firmware.

To read this article in full or to leave a comment, please click here

Read More