Other – Page 9 – Computer Security Articles

Blowing the Whistle on Bad Attribution

August 17, 2017 admin CrowdStrike, Defense Intelligence Agency, DNC hack, Dragos Inc., Grizzly Steppe, Matt Tait, Norse Corp., Other, P.A.S. Web shell, Profexer, Robert M. Lee, Robert Strauss Center for International Security and Law

Credit to Author: BrianKrebs| Date: Fri, 18 Aug 2017 04:29:51 +0000

The New York Times this week published a fascinating story about a young programmer in Ukraine who’d turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It’s a good read, as long as you can ignore that the premise of the piece is completely wrong.

Independent Krebs

Beware of Security by Press Release

August 10, 2017 admin Adrian Sanabria, Carbon Black, Cb Response, Cylance, DirectDefense, Leslie Carhart, Other

Credit to Author: BrianKrebs| Date: Thu, 10 Aug 2017 15:40:30 +0000

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “Security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed. At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.

Independent Krebs

Alleged vDOS Operators Arrested, Charged

August 9, 2017 admin applej4ck, booter, itay huri, New York University, Other, p1st, stresser, vDos, yarden bidani

Credit to Author: BrianKrebs| Date: Wed, 09 Aug 2017 15:43:24 +0000

Two young Israeli men alleged by this author to have co-founded vDOS — until recently the largest and most profitable cyber attack-for-hire service online — were arrested and formally indicted this week in Israel on conspiracy and hacking charges.

Independent Krebs

Critical Security Fixes from Adobe, Microsoft

August 8, 2017 admin Bleeping Computer, Jimmy Graham, Microsoft Patch Tuesday August 2017, Other, Qualys, Windows Search vulnerability

Credit to Author: BrianKrebs| Date: Tue, 08 Aug 2017 20:35:17 +0000

Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on. More than two dozen of the vulnerabilities fixed in today’s Windows patch bundle address “critical” flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user. According to Microsoft, none of flaws in August’s Patch Tuesday are being actively exploited in the wild, although Bleeping Computer notes that three of the bugs were publicly detailed before today’s patch release.

Independent Krebs

Flash Player is Dead, Long Live Flash Player!

August 2, 2017 admin adobe, apple, Benjamin Smedberg, exploit kits, Facebook, Flash Player, google, Jakub Pudelek, microsoft, Mozilla, Other, Recorded Future, Steve Jobs

Credit to Author: BrianKrebs| Date: Wed, 02 Aug 2017 16:17:05 +0000

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020.

Independent Krebs

New Bill Seeks Basic IoT Security Standards

August 1, 2017 admin Aaron Swartz, Berklett Cybersecurity Project, Berkman Klein Center for Internet & Society, CDT, Center for Democracy & Technology, CFAA abuse, computer fraud and abuse act, Cory Gardner, Department of Homeland Security, Digital Millennium Copyright Act, DMCA, Harvard University, IoT Cybersecurity Improvement Act of 2017, IoT devices, Mark Warner, Mozilla, Other, Ron Wyden, Steve Daines

Credit to Author: BrianKrebs| Date: Tue, 01 Aug 2017 19:32:47 +0000

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices.

Independent Krebs

Suspended Sentence for Mirai Botmaster Daniel Kaye

July 28, 2017 admin Agence France Presse, BestBuy, Daniel Kaye, GovRAT, Liberia, Mirai, Other

Credit to Author: BrianKrebs| Date: Fri, 28 Jul 2017 21:13:42 +0000

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks. Today, a German court issued a suspended sentence for Kaye, who now faces related cybercrime charges in the United Kingdom.

Independent Krebs

Gas Pump Skimmer Sends Card Data Via Text

July 27, 2017 admin GSM pump skimmers, Other, T-Mobile

Credit to Author: BrianKrebs| Date: Thu, 27 Jul 2017 11:08:59 +0000

Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in the New York say they are starting to see pump skimmers that use cannibalized cell phone components to send stolen card data via text message.