Latest Security News

Here's an easier way to block the IE XXE zero day security hole

Computer World Security - Thu, 04/18/2019 - 10:57

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

It’s a doozy of a security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

To read this article in full, please click here

Categories: Latest Security News

Win7/8.1/Server patch conflicts abated, somewhat, but it’s still too early to install the April crop

Computer World Security - Tue, 04/16/2019 - 09:02

A week ago, Microsoft released six patches that brought many machines to their knees. As I explained last Friday, when the dust cleared, it was apparent that all six of these April patches:

  • Win7 and Server 2008 R2 Monthly Rollup (KB 4493472) and Security-only (KB 4493448) patches
  • Win8.1 and Server 2012 R2 Monthly Rollup (KB 4493446) and Security-only (KB 4493467) patches
  • Server 2012 Monthly Rollup (KB 4493451) and Security-only (KB 4493450 ) patches

would trigger blue screens on reboot on most systems running Sophos antivirus products, and many systems running AV products from Avast and Avira.

To read this article in full, please click here

Categories: Latest Security News

Google, Hyperledger launch online identity management tools

Computer World Security - Mon, 04/15/2019 - 04:00

In two separate announcements last week, Google and Linux's Hyperledger project launched tools aimed at enabling secure identity management for enterprises via mobile and other devices.

Google unveiled five upgrades to its BeyondCorp cloud enterprise security service that enables identity and access management for employees, corporate partners, and customers.

To read this article in full, please click here

Categories: Latest Security News

You Can Now Get This Award-Winning VPN For Just $1/month

Computer World Security - Wed, 04/10/2019 - 13:33

If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), most installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you’d usually use the internet for entertainment and work.

That’s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.

To read this article in full, please click here

Categories: Latest Security News

Massive bank app security holes: You might want to go back to that money under the mattress tactic

Computer World Security - Fri, 04/05/2019 - 11:24

A new report from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Although the very nature of apps that manage and move money would suggest presumably strong security, banks and their cohorts tend to adopt new technology slower than almost any other vertical, which puts them in a bad place when it comes to security.

My favorite finding from the Aite Group report: "Several mobile banking apps hard-coded private certificates and API keys into their apps. [Thieves] could exploit this by copying the private certificates to their computers and running any number of free password-cracking programs against them," the report noted. "Should the [attackers] successfully crack the private key, they would be able to decrypt all communication between the back-end servers and mobile devices, among other things. The API keys allow an adversary to then begin targeting the [financial institution’s] API servers, gaining them access to data in the back-end databases. This allows [attackers] to authenticate the device with the back-end servers of that app, since this is what APIs use for authentication and authorization."

To read this article in full, please click here

Categories: Latest Security News

Microsoft Patch Alert: Most March patches look good

Computer World Security - Mon, 04/01/2019 - 17:04

March was an unusually light patching month – all of Office only had one security patch – and there don’t appear to be any immediate patching worries. Just as in the past few months, Microsoft’s holding off on its second cumulative update for Windows 10 1809, raising hopes that it’s taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.

To read this article in full, please click here

Categories: Latest Security News

With its Apple Card, Apple edges further into financial services

Computer World Security - Fri, 03/29/2019 - 04:00

Apple's Monday announcement of a credit card – the Apple Card – represented a natural progression of the company's journey into financial services that began with the Apple Wallet app and its contactless digital payment service, Apple Pay.

Apple

The Apple Card, as described by the company this week, will offer users some attractive features: up to 3% cash back on daily purchases, no late or international transaction fees, and a physical chipped card make of titanium (sans any credit card numbers – just your name and an Apple symbol).

To read this article in full, please click here

Categories: Latest Security News

Microsoft connects rival browsers to Windows 10's Application Guard

Computer World Security - Tue, 03/26/2019 - 04:00

Microsoft earlier this month released a pair of add-ons for Google's Chrome and Mozilla's Firefox to cobble together an unwieldy connection between those browsers, Edge and Windows 10's advanced security technology, Windows Defender Application Guard (WDAG).

The debut of the browser extensions - separate add-ons for Chrome and Firefox - was quietly plugged at the end of a March 15 blog post relating a recent Windows Insider build. That build, 18358, will lead, presumably next month, to Windows 10's next feature upgrade, labeled 1903 and also Windows 10 April 2019 Update.

To read this article in full, please click here

Categories: Latest Security News

ASUS Live Update Utility cracked, installs ShadowHammer backdoor on 1M PCs, but only 600 targeted

Computer World Security - Mon, 03/25/2019 - 10:28

Great way to wake up on Monday morning, especially if you own an ASUS machine.

Kaspersky just published a teaser for a more thorough explanation to come in two weeks at the Kaspersky Security Analysts Summit in Singapore. It’s quite an eye-opener.

Apparently somebody broke into the ASUS update servers, and swapped out a valid software/firmware update with one of their own. The bogus update looked like the genuine thing, with a valid certificate, and its size matched the original’s size. As a result, the bad update stayed on ASUS’s servers “for a long time.”

To read this article in full, please click here

Categories: Latest Security News

How blockchain is becoming the 5G of the payment industry

Computer World Security - Mon, 03/25/2019 - 04:00

As more blockchain-based payment networks and fiat-backed digital currencies – including one from the largest U.S. bank – emerge, experts and analysts are predicting a sea change for the financial services industry.

"I think you're starting to see a growing consensus," said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. "I do quite a bit of FinTech and I can tell you my clients... the banks, are inherently conservative – at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion."

To read this article in full, please click here

Categories: Latest Security News

How blockchain is becomming the 5G of the payment industry

Computer World Security - Mon, 03/25/2019 - 04:00

As more blockchain-based payment networks and fiat-backed digital currencies – including one from the largest U.S. bank – emerge, experts and analysts are predicting a sea change for the financial services industry.

"I think you're starting to see a growing consensus," said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. "I do quite a bit of FinTech and I can tell you my clients... the banks, are inherently conservative – at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion."

To read this article in full, please click here

Categories: Latest Security News

How to audit Windows Task Scheduler to detect attacks

Computer World Security - Wed, 03/20/2019 - 04:00
Learn how to prevent attackers from using Task Scheduler to hide and set up tasks to access Windows systems.
Categories: Latest Security News

Heavenly tech support

Computer World Security - Tue, 03/19/2019 - 04:00

Pilot fish is helping his pastor fine-tune the church LAN when he notices that the day-care facility next door has a wide-open and unsecured Wi-Fi connection.

Fish’s pastor wants to connect to the day-care center’s printer and print a document saying, “This is from your neighbors. You need to tighten the security on your Wi-Fi.”

Fish suggests that they instead print a document that says, “This is from God. You need to go to church. There’s a really nice one right next door.”

“Too bad the pastor overruled me,” says fish.

Sharky wants your true tale of IT life. If you can’t send it directly to my printer, email it to me at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter and read some great old tales in the Sharkives.

To read this article in full, please click here

Categories: Latest Security News

Slack rolls out enterprise key management, but has no plans for end-to-end encryption

Computer World Security - Mon, 03/18/2019 - 10:28

Slack has given large business customers control over the keys used to encrypt and decrypt data created in its team collaboration application. 

The enterprise key management (EKM) feature was initially unveiled at the company’s Frontiers event in San Francisco in September, ahead of a closed pilot project; it is now available to all customers of Enterprise Grid, which is targeted at company-wide deployments at large organizations. 

To read this article in full, please click here

Categories: Latest Security News

March 2019 Windows and Office patches poke a few interesting places

Computer World Security - Wed, 03/13/2019 - 07:21

Patch Tuesday has come and gone, not with a bang but a whimper. As of this moment, early Wednesday morning, I don’t see any glaring problems with the 124 patches covering 64 individually identified security holes. But the day is yet young.

There are a few patches of note.

Two zero days

Microsoft says that two of this month’s security holes — CVE-2019-0797 and CVE-2019-0808 — are being actively exploited. The latter of these zero days is the one that was being used in conjunction with the Chrome exploit that caused such a kerfuffle last week, with Google urging Chrome browser users to update right away, or risk the slings of nation-state hackers. If you’ve already updated Chrome (which happens automatically for almost everybody), the immediate threat has been thwarted already.

To read this article in full, please click here

Categories: Latest Security News

Apple’s Box security scare shows the risk of shadow IT

Computer World Security - Tue, 03/12/2019 - 11:25

Until enterprise IT truly gets to understand that its own internal systems need to be as easy to use as any iOS app and as easy to learn as an iPhone, potentially damaging data breaches will take place, threatening business confidentiality. Apple is not immune.

Apple and the human interface

The news is that information from some of the world’s biggest names in business – including Apple, Edelman and Discovery Channel – could have been accessed through Box Enterprise, which offers companies bespoke company name-based file archiving and sharing services using this URL construction:

https://<companyname>.app.box.com/v/<filename>

To read this article in full, please click here

Categories: Latest Security News

Microsoft to start selling Windows 7 add-on support April 1

Computer World Security - Tue, 03/05/2019 - 13:06

Microsoft plans to start selling its Windows 7 add-on support beginning April 1.

Labeled "Extended Security Updates" (ESU), the post-retirement support will give enterprise customers more time to purge their environments of Windows 7. From Windows 7's Jan. 14, 2020 end of support, ESU will provide security fixes for uncovered or reported vulnerabilities in the OS.

[ Related: Windows 7 to Windows 10 migration guide ]

Patches will be issued only for bugs rated "Critical" or "Important" by Microsoft, the top two rankings in a four-step scoring system.

To read this article in full, please click here

Categories: Latest Security News

Huawei’s possible lawsuit, ransomware readiness, old malware resurfaces | TECH(feed)

Computer World Security - Tue, 03/05/2019 - 13:00
The ongoing battle between the U.S. and Huawei could soon go to court as Huawei reportedly prepares to sue the U.S. government. Plus, 2019 will see ride sharing companies going public… but which will be first? And as a decade-old malware resurfaces in enterprise networks, a report questions if the world is ready for the next large-scale ransomware attack.
Categories: Latest Security News

Microsoft Patch Alert: After a serene February, Microsoft plops KB 4023057 into the Update Catalog

Computer World Security - Fri, 03/01/2019 - 08:50

Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that’s excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a “hallelujah” from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog

You’ve heard me talk about KB 4023057 many times, most recently in January. It’s a mysterious patch that Microsoft calls an “update reliability improvement” whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

To read this article in full, please click here

Categories: Latest Security News

Now you can buy police-grade iPhone hacking tools on eBay

Computer World Security - Thu, 02/28/2019 - 07:25

If you want to hack your way into an old iPhone you can get hold of a law enforcement-grade system to do just that for a bargain price on eBay.

I think that’s a crime

I can’t stress this enough.

The very existence of tools like these is a threat to every smartphone user. This is because no matter how many times people argue that these solutions will only see use by law enforcement, these things always proliferate.

The fact that Celebrate systems law enforcement was until recently spending heavily on acquiring are now available on the open market for as little as $100 is a perfect illustration of this.

To read this article in full, please click here

Categories: Latest Security News

Pages

Subscribe to SecurityFeeds aggregator - Latest Security News