Wednesday, November 27, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

Independent Krebs 

Feds Charge NY Man as BreachForums Boss “Pompompurin”

admin , , , , , , ,

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2023 23:39:22 +0000

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely first show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.

Read more
ComputerWorld Independent 

Patch Office and Windows now to resolve two zero-days

admin , , ,

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month’s Patch Tuesday release to 84. 

Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a “Patch Now” release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

To read this article in full, please click here

Read more
Independent Krebs 

Microsoft Patch Tuesday, March 2023 Edition

admin , , , , , , , , , , , ,

Credit to Author: BrianKrebs| Date: Wed, 15 Mar 2023 15:19:32 +0000

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.

Read more
ComputerWorld Independent 

Feds to Microsoft: Clean up your security act — or else

admin , , ,

The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

To read this article in full, please click here

Read more
Independent Krebs 

Two U.S. Men Charged in 2022 Hacking of DEA Portal

admin , , , , , , , , , , , , , , ,

Credit to Author: BrianKrebs| Date: Wed, 15 Mar 2023 01:25:20 +0000

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

Read more
Independent Krebs 

Who’s Behind the NetWire Remote Access Trojan?

admin , , , , , , , ,

Credit to Author: BrianKrebs| Date: Thu, 09 Mar 2023 18:52:25 +0000

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

Read more
ComputerWorld Independent 

Why you should use Apple’s Rapid Security Response

admin , , , , ,

Mac, iPad, and iPhone users can choose to automatically install system security patches as they are released with a new Apple feature called Rapid Security Response.

Rapid Security Response aims to secure Apple’s platforms with automated security updates. The idea is that if every user automatically installs such patches, the entire ecosystem becomes inherently more secure.

Announced last year at WWDC 2022, Apple began testing the feature in October. During beta testing, it shared four content-free downloads to test its distribution system, including one recent test in March. While the feature can be enabled on devices running the latest operating system, as of this month Apple had not yet begun to ship genuine security patches.

To read this article in full, please click here

Read more
Independent Krebs 

Sued by Meta, Freenom Halts Domain Registrations

admin , , , , , , , ,

Credit to Author: BrianKrebs| Date: Tue, 07 Mar 2023 23:19:26 +0000

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Read more