Security – Page 700 – Computer Security Articles

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 08:11:00 -0700

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that’s no longer supported but still widely used.

The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003.

Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 30, 2017 admin

Three privacy tools that block your Internet provider from tracking you

Credit to Author: Ian Paul| Date: Wed, 29 Mar 2017 08:04:00 -0700

It’s official: Congress has sold you out to Internet service providers, passing a bill that dismantles Internet privacy rules and allows ISPs to sell your web history and other personal information without your permission. Assuming President Trump signs the bill into law, it means anyone concerned about privacy will have to protect themselves against over zealous data collection from their ISP.

Some privacy-conscious folks are already doing that—but many aren’t. If you want to keep your ISP from looking over your shoulder for data to sell to advertisers, here are three relatively simple actions you can take to get started.

To read this article in full or to leave a comment, please click here

Security Wired

March 30, 2017 admin

If You Want a VPN to Protect Your Privacy, Start Here

Credit to Author: Lily Hay Newman| Date: Thu, 30 Mar 2017 11:18:16 +0000

A VPN’s not a perfect solution to your privacy problems, but it’s a start. The post If You Want a VPN to Protect Your Privacy, Start Here appeared first on WIRED.

ComputerWorld Independent

March 30, 2017 admin

Open-source developers targeted in sophisticated malware attack

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 04:30:00 -0700

For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware.

The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs.

The emails had .gz attachments that contained Word documents with malicious macro code attached. If allowed to execute, the macro code executed a PowerShell script that reached out to a remote server and downloaded a malware program known as Dimnie.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 30, 2017 admin

VMware patches critical virtual machine escape flaws

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 03:53:00 -0700

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 30, 2017 admin

Trump extends Obama executive order on cyberattacks

Credit to Author: Martyn Williams| Date: Thu, 30 Mar 2017 03:24:00 -0700

President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S.

Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president sent a letter to Congress on Wednesday evening saying he plans to keep the order active.

“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States, continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” Trump wrote in the letter. “Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”

To read this article in full or to leave a comment, please click here

QuickHeal Security

March 29, 2017 admin

Dear Women, Define your Online Identity Securely

Credit to Author: Suhita Mazumdar| Date: Fri, 10 Mar 2017 09:46:23 +0000

Amazing women are everywhere. They have defined our past and are making our present better so that we can look forward to a better future. Women have always been more vocal, expressive and willing to share than men. And social networking has become one the most powerful platforms for them…

The post Dear Women, Define your Online Identity Securely appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.

QuickHeal Security

March 29, 2017 admin

Cyber Swachhta Kendra – A Digital India Initiative for a Secure Cyber Ecosystem

Credit to Author: Sanjay Katkar| Date: Mon, 06 Mar 2017 12:25:34 +0000

The Government of India recently launched an ambitious project called Cyber Swachhta Kendra (CSK) – a Botnet Cleaning and Malware Analysis Center. Developed under the Ministry of Electronics and Information Technology (MeitY), this center will be operated by the Indian Computer Emergency Response Team (CERT-In). Developed as an essential part…

The post Cyber Swachhta Kendra – A Digital India Initiative for a Secure Cyber Ecosystem appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.