Security – Page 735 – Computer Security Articles

Credit to Author: Eric Geier| Date: Wed, 22 Feb 2017 03:00:00 -0800

To keep private Wi-Fi networks secure, encryption is a must-have — and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as much or even more insecure as when you use a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.

To read this article in full or to leave a comment, please click here

(Insider Story)

ComputerWorld Independent

February 21, 2017 admin

Why you need a bug bounty program

Credit to Author: Mary Branscombe| Date: Tue, 21 Feb 2017 12:50:00 -0800

Every business needs to have a process in place for handling security vulnerability reports, but some organizations take a much more proactive approach to dealing with security researchers.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

February 21, 2017 admin

Java and Python FTP attacks can punch holes through firewalls

Credit to Author: Lucian Constantin| Date: Tue, 21 Feb 2017 10:11:00 -0800

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.

Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

February 21, 2017 admin

Verizon knocks $350M from Yahoo deal after breaches

Credit to Author: Grant Gross| Date: Tue, 21 Feb 2017 07:23:00 -0800

Verizon Communications will pay $350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.

Verizon will pay about $4.48 billion for Yahoo’s operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.

In October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.

To read this article in full or to leave a comment, please click here

Kaspersky Security

February 21, 2017 admin

Forget books, time to burn the dolls

Credit to Author: Jeffrey Esposito| Date: Tue, 21 Feb 2017 14:00:00 +0000

Connected dolls pose a hacking risk.

ComputerWorld Independent

February 21, 2017 admin

Why robotics is key to cybersecurity's future

Chad Holmes, Principal of Ernst & Young LLP sits down with Neal Weinberg to talk about how cyber-robotics will help shape the future of cybersecurity.

ComputerWorld Independent

February 21, 2017 admin

True privacy online is not viable

Credit to Author: Evan Schuman| Date: Tue, 21 Feb 2017 03:00:00 -0800

Privacy-concerned consumers desperately want a magic bullet, some simple thing they can use that will protect their identities and their web activity. And although there are a plethora of offerings today that make such a claim — VPNs, privacy-focused browsers such as Tor, privacy search engines such as DuckDuckGo, quite a few services that claim to anonymize anyone’s activity — the practical realities of human behavior make such privacy claims bogus.

Let me stress that almost all of these services do indeed help a person remain anonymous from the casual, untrained observer (the typical roommate, spouse, co-worker, boss, etc.). But any consumer who thinks that these tools will thwart a law enforcement agent, motivated cyberthief or identity thief, or anyone who is willing to spend the time to track you down is in for unhappiness.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

February 20, 2017 admin

Hackers behind bank attack campaign use Russian decoy

Credit to Author: Lucian Constantin| Date: Mon, 20 Feb 2017 07:00:00 -0800

The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.

Researchers from cybersecurity firm BAE Systems have recently obtained and analyzed additional malware samples related to an attack campaign that has targeted 104 organizations — most of them banks — from 31 different countries.

They found multiple commands and strings in the malware that appear to have been translated into Russian using online tools, the results making little sense to a native Russian speaker.

To read this article in full or to leave a comment, please click here