Password-stealing flaws in LastPass Chrome and Firefox extensions

Credit to Author: Darlene Storm | Date: Wed, 22 Mar 2017 06:25:00 -0700

Tavis Ormandy, a security researcher on Google’s Project Zero team, warned of flaws in LastPass browser extensions, vulnerabilities which – if a person surfed to a malicious site – would allow the malicious site to steal passwords from the password manager.

LastPass said it patched the vulnerability in its Chrome extension and said it is working on a fix for the flaw in its Firefox add-on.

Ormandy originally said the LastPass bug affected version 4.1.42 of the Chrome and Firefox browser extensions. He developed a working exploit for a Windows machine running the LastPass Chrome extension, but said it “could be made to work on other platforms.” He sent the details to LastPass before adding:


Mozilla beats rivals, patches Firefox's Pwn2Own bug

Credit to Author: Gregg Keizer | Date: Mon, 20 Mar 2017 17:26:00 -0700

Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.

“Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,” tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.

Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.


Private photos of more celebrities leaked in Fappening 2.0

Credit to Author: Darlene Storm | Date: Mon, 20 Mar 2017 09:51:00 -0700

Here we go again with another round of The Fappening which was also known as Celebgate.

The Fappening 2.0, or Celebgate 2.0, started with private photos of Emma Watson and Amanda Seyfried circulating on the “dark web” and then 4chan last week before the images made it to Reddit.

Softpedia reported that more private images of celebrities are also circulating online, including pictures of the following actresses and models: “Rose McGowan (actress), Katie Cassidy (actress), Alyssa Arce (model), Rhona Mitra (actress), Analeigh Tipton (figure skater & actress), Iliza Shlesinger (comedian), Jillian Murray (actress), Paige (WWE star), Dylan Penn (model, daughter of Sean Penn), Kristanna Loken (actress), April Love Geary (model), Trieste Kelly Dunn (actress), and Lili Simmons (actress).” The article claims that the leak also included footage of at least one celebrity engaging in sexual acts.


Inside the Russian Yahoo hack: How they did it

Credit to Author: Martyn Williams | Date: Wed, 15 Mar 2017 15:37:00 -0700

One mistaken click. That’s all it took for hackers aligned with the Russian state security service to gain access to Yahoo’s network and potentially the email messages and private information of as many as 500 million people.

The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are Russian spies.

Here’s how the FBI says they did it:


Defensive Computing for email attachments

Credit to Author: Michael Horowitz | Date: Wed, 15 Mar 2017 12:12:00 -0700

Email attachments remain an effective way to infect or compromise computers because people trust them too much. Blindly opening them is easy, simple and quick, but it’s also not secure. What is secure?

Never open email attachments using Microsoft Office or Adobe’s PDF reading software.

This really should go without saying at this point.

Never open attachments on a Windows, Mac or Linux computer you care about or use regularly.

These old desktop systems are simply not as secure as more modern operating systems.

The safest computers for opening suspect files run iOS or Chrome OS.


4 charged, including Russian gov't agents, for massive Yahoo hack

Credit to Author: Martyn Williams | Date: Wed, 15 Mar 2017 09:22:00 -0700

The FBI on Wednesday charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts.

In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a “state-sponsored” group.

The FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack.


Twitter accounts hacked, Twitter Counter steps forward as culprit

Credit to Author: Peter Sayer | Date: Wed, 15 Mar 2017 07:37:00 -0700

Twitter Counter, a third-party analytics service, appears once again to have provided a gateway for hackers to post messages to high-profile Twitter accounts.

An unlikely number of Twitter users suddenly learned to speak Turkish on Wednesday, posting an inflammatory message in the language replete with Nazi swastikas.

Among those posting the message were the Twitter accounts of Forbes magazine, the Atlanta Police Department, and Amnesty International, one of the few hacked accounts one might expect to actually speak Turkish.

Fears that these accounts had all been hacked were quickly allayed when Twitter identified a third-party app as being to blame.


Twitter Counter hacked: Hundreds of high-profile Twitter accounts hijacked

Credit to Author: Darlene Storm | Date: Wed, 15 Mar 2017 06:16:00 -0700

Twitter seemed to temporarily be overtaken by tweets featuring swastikas, Turkish flags and Nazi references after third-party analytics app Twitter Counter was hacked.

It’s unclear how many Twitter accounts were affected – hundreds or thousands – considering Twitter Counter claims to have more than two million users who linked their Twitter accounts to its service for the purpose of providing statistics and tracking responses to tweets.

Infosec journalist Graham Cluley apologized “for the Nazi spam” after his account was hijacked. There was a rush of people scrubbing their accounts as Amnesty International, Duke University, Forbes, Reuters Japan, BBC North America, UNICEF USA, the UK Department of Health, the CEO of Sprint, bitcoin wallet Blockchain, the Atlanta Police Department, Starbucks Argentina, the European Parliament, Nike Spain, sports stars, celebrities and many others were compromised and also spewed Nazi spam.
