Other – Page 8 – Computer Security Articles

Beware of Hurricane Harvey Relief Scams

August 30, 2017 admin Federal Trade Commission, Hurricane Harvey, Other, US Computer Emergency Readiness Team, US-CERT

Credit to Author: BrianKrebs| Date: Tue, 29 Aug 2017 14:55:10 +0000

U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be especially wary of scam artists. In years past we’ve seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an ongoing disaster. Here are some tips to help ensure sure your aid dollars go directly to those most in need.

Independent Krebs

Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet

August 28, 2017 admin Akamai, Allison Nixon, Android malware, Chad Seaman, ddos, distributed denial-of-service attack, Flashpoint, google, Mirai, Other, Play store, WireX botnet

Credit to Author: BrianKrebs| Date: Mon, 28 Aug 2017 14:06:08 +0000

A half dozen technology and security companies — some of them competitors — issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle ‘WireX,’ an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat.

Independent Krebs

Is Your Mobile Carrier Your Weakest Link?

August 28, 2017 admin AT&T, Authy, Bictoin theft, CloudFlare, Google Authenticator, National Institute of Standards and Technology, New York Times, NIST, Other, Techcrunch, the value of a hacked email account

Credit to Author: BrianKrebs| Date: Mon, 28 Aug 2017 02:46:42 +0000

More online services than ever now offer two-step authentication — requiring customers to complete a login using their phone or other mobile device after supplying a username and password. But with so many services relying on your mobile for that second factor, there has never been more riding on the security of your mobile account. Below are some tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the weakest link in your security chain.

Independent Krebs

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass

August 24, 2017 admin boarding pass barcode, boarding pass hacking, British Airways, Lufthansa, Michal Špaček, Other, United Airlines

Credit to Author: BrianKrebs| Date: Thu, 24 Aug 2017 22:55:47 +0000

An October 2015 piece published here about the potential dangers of tossing out or posting online your airline boarding pass remains one of the most-read stories on this site. One reason may be that the advice remains timely and relevant: A talk recently given at a Czech security conference advances that research and offers several reminders of how being careless with your boarding pass could jeopardize your security or even cause trip disruptions down the road.

Independent Krebs

Dumping Data from Deep-Insert Skimmers

August 22, 2017 admin Charlie Harrow, deep-insert skimmer, NCR Corp, Other

Credit to Author: BrianKrebs| Date: Tue, 22 Aug 2017 14:19:02 +0000

I recently heard from a police detective who was seeking help identifying some strange devices found on two Romanian men caught maxing out stolen credit cards at local retailers. Further inspection revealed the devices to be semi-flexible data transfer wands that thieves can use to extract stolen ATM card data from “deep-insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine.

Independent Krebs

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

August 18, 2017 admin Amazon Macie, Carbon Black, DirectDefense, Mike Viscuso, Other, Spotify, virustotal

Credit to Author: BrianKrebs| Date: Fri, 18 Aug 2017 17:38:57 +0000

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of using the feature. Now Carbon Black is warning that an internal review has revealed a wholly separate bug in Cb Response that could in fact result in certain customers unintentionally sharing sensitive files.

Independent Krebs

Blowing the Whistle on Bad Attribution

August 17, 2017 admin CrowdStrike, Defense Intelligence Agency, DNC hack, Dragos Inc., Grizzly Steppe, Matt Tait, Norse Corp., Other, P.A.S. Web shell, Profexer, Robert M. Lee, Robert Strauss Center for International Security and Law

Credit to Author: BrianKrebs| Date: Fri, 18 Aug 2017 04:29:51 +0000

The New York Times this week published a fascinating story about a young programmer in Ukraine who’d turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It’s a good read, as long as you can ignore that the premise of the piece is completely wrong.

Independent Krebs

Beware of Security by Press Release

August 10, 2017 admin Adrian Sanabria, Carbon Black, Cb Response, Cylance, DirectDefense, Leslie Carhart, Other

Credit to Author: BrianKrebs| Date: Thu, 10 Aug 2017 15:40:30 +0000

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “Security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed. At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.