Friday, November 22, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

cyberattacks

ComputerWorld Independent 

Bank gets lesson in the security failings of third parties

admin , ,

Credit to Author: Evan Schuman| Date: Tue, 11 Apr 2017 04:00:00 -0700

The most effective cyberattacks turn the tables on the security measures we take to ward off attacks. We’re always countering the attacks that have worked in the past, rarely thinking about the opportunities our countermeasures might open up.

And opportunities always abound. If malware is being delivered via attachments, we put out memos forbidding employees from opening attachments from strangers. Cybercriminals see this, and they come up with phishing — sending out attachments in emails that appear to come from the recipients’ close co-workers. So then we warn employees to not open an attachment unless it was expected. All right, say the attackers; we’ll just wait for an attachment heads up and then launch our attack.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

VMware patches critical virtual machine escape flaws

admin , ,

Credit to Author: Lucian Constantin| Date: Thu, 30 Mar 2017 03:53:00 -0700

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

U.S. faces limits in busting Russian agents over Yahoo breach

admin , ,

Credit to Author: Michael Kan| Date: Thu, 16 Mar 2017 03:52:00 -0700

In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now?

Security experts say Wednesday’s indictment might amount to nothing more than naming and shaming Russia. That’s because no one expects the Kremlin to play along with the U.S. indictment.

“I can’t imagine the Russian government is going to hand over the two FSB officers,” said Jeremiah Grossman, chief of security strategy at SentinelOne.

“Even in the most successful investigations, state hackers are still immune from prosecution or retaliation,” said Kenneth Geers, a research scientist at security firm Comodo.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

IDG Contributor Network: Phishing: Draining the corporate bottom line

admin ,

Credit to Author: Robert C. Covington| Date: Fri, 10 Mar 2017 09:36:00 -0800

Quick quiz — how many of you have not experienced a phishing attack on your organization in the last month? 

I suspect that there are not many hands up. As you likely know, phishing is a pervasive problem for the corporate world, and the problem is growing. One organization I work with has seen a 400% increase in phishing attacks in just the last year. 

I think most people with some knowledge of the information security world understand the gravity of phishing attacks. The results of a recent study indicated that approximately 93% of phishing messages carry ransomware. On top of that, many seek to collect personal information for later use, a practice known as social engineering. 

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

CIA-made malware? Now antivirus vendors can find out

admin , , , ,

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 04:29:00 -0800

Thanks to WikiLeaks, antivirus vendors will soon be able to figure out if you have been hacked by the CIA.

On Tuesday, WikiLeaks dumped a trove of 8,700 documents that allegedly detail the CIA’s secret hacking operations, including spying tools designed for mobile phones, PCs and smart TVs.

WikiLeaks has redacted the source code from the files to prevent the distribution of cyber weapons, it said. Nevertheless, the document dump — if real — still exposes some of the techniques that the CIA has allegedly been using.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Amid cyberattacks, ISPs try to clean up the internet

admin , , ,

Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 06:26:00 -0800

If your computer’s been hacked, Dale Drew might know something about that.

Drew is chief security officer at Level 3 Communications, a major internet backbone provider that’s routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.

That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.

Hackers have managed to hijack those computers to “cause harm to the internet,” but the owners don’t always know that, Drew said. 

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

What to expect from the Trump administration on cybersecurity

admin , , ,

Credit to Author: Grant Gross| Date: Wed, 22 Feb 2017 11:39:00 -0800

Look for President Donald Trump’s administration to push for increased cybersecurity spending in government, but also for increased digital surveillance and encryption workarounds.

That’s the view of some cybersecurity policy experts, who said they expect Trump to focus on improving cybersecurity at federal agencies while shying away from new cybersecurity regulations for businesses. 

Trump is likely to look for ways for the National Security Agency and other agencies to assist the government and companies in defending against cyberattacks, said Jeffrey Eisenach, a visiting scholar at the American Enterprise Institute and a tech adviser during Trump’s presidential transition.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Here’s how the U.S. government can bolster cybersecurity

admin , ,

Credit to Author: Michael Kan| Date: Fri, 17 Feb 2017 13:53:00 -0800

Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before Congress, warning of the dangers of the internet.

Unfortunately, the U.S. government is still struggling to act, Wysopal said. “You’re just going to keep ending up with the status quo,” he said, pointing to the U.S. government’s failure to regulate the tech industry or provide incentives for change.

It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show in San Francisco. The U.S. government needs to do more on cybersecurity, but what?  

To read this article in full or to leave a comment, please click here

Read more