Tuesday, May 12, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Security

ComputerWorldIndependent
admin

Hacker breached 63 universities and government agencies

Credit to Author: Darlene Storm| Date: Wed, 15 Feb 2017 09:33:00 -0800

A “Russian-speaking and notorious financially-motivated” hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.

According to the security company Recorded Future, which has been tracking the cybercriminal’s breaches, Rasputin’s most recent victims include 63 “prominent universities and federal, state, and local U.S. government agencies.” The security firm has been following Rasputin’s activity since late 2016 when the hacker reportedly breached the U.S. Electoral Assistance Commission and then sold EAC access credentials.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

JavaScript-based attack simplifies browser exploits

Credit to Author: Lucian Constantin| Date: Wed, 15 Feb 2017 10:13:00 -0800

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn’t rely on a software bug, fixing the problem is not easy.

Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.

ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.

To read this article in full or to leave a comment, please click here

Read More
SecurityTrendMicro
admin

Bad Choices, Exposed Data

Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Wed, 15 Feb 2017 16:46:07 +0000

Our researchers produce a lot of really interesting material. This week, they published a paper called, “U.S. Cities Exposed In Shodan.” The research looks systems that are exposed online…exposure that systems owners aren’t always aware of. The most disturbed statistic in the research is a simple one: the fourth most exposed system is MySQL. I had…

Read More
ComputerWorldIndependent
admin

Researchers trick 'CEO' email scammer into giving up identity

Credit to Author: Michael Kan| Date: Wed, 15 Feb 2017 08:13:00 -0800

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.

Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.

Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting [the scammers] give us all the information about themselves,” he said.

The email scheme involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.

To read this article in full or to leave a comment, please click here

Read More