Items tagged with security

Google has a message for webmasters serving up malware and it goes something like this: Fool me once, shame on you. Fool me twice, shame on me. Going forward, Google is plugging what it calls a "gap" in its online protection scheme that allowed sites serving up malicious content to become repeat offenders without much repercussion or warning to users. In the past, sites that ran afoul of Google's "Malware, Unwanted Software, Phishing, and Social Engineering Policies" were temporarily branded with a warning to users. The brand would remain until Google could verify that the site is no longer serving... Read more...
What's that in the air? Could it be the smell of egg nog and pine? Nope, it's Microsoft Patch Tuesday, of course! This month's rollout is rather large and notable for a number of reasons. However, what matters most is that if you're not up-to-date yet, you'll want to take a little trip to the Windows Update section and take care of business. Speaking of business, the advice to update is imperative for those managing user PCs in the enterprise, as this rollout of patches includes a fix for a huge bug Google disclosed one week ago. This bug, called CVE-2016-7255, is a local privilege escalation flaw... Read more...
Ahmed Mehtab, a student from Pakistan and the CEO of Security Fuse, is in the running to score a $20,000 payday from Google's bug bounty program. While there remains some red tape to clear, Mehtab is likely to receive the bounty for discovering a rather crafty flaw in Gmail relating to its authentication and verification system, one that could make it possible for a remote hacker to hijack a Gmail account. The vulnerability lies in how Google handles multiple Gmail accounts. A user who has more than one Gmail address can link them and have the primary Gmail account forward email to secondary accounts.... Read more...
There's been no shortage of stories regarding Android security of the years, a fact that has worried some fans of the "openness" of the OS. Each new security story makes it seem more likely that the OS will become a little more locked-down, a la iOS. Well, that might not happen after all, because as it stands today, Google is confident that Android is just as secure as iOS. This was revealed at a security conference in New York last week, by Google's Director of Security for Android, Adrian Ludwig. He plainly states, "For almost all threat models, they [Android and iOS] are nearly identical in... Read more...
Once again Google and Microsoft are at odds over the former's decision to disclose a zero-day vulnerability affecting the latter's Windows operating system. Google alerted both Adobe and Microsoft on October 21, 2016, of previously disclosed security flaws it discovered and in the time that has passed Adobe has issued patch (CVE-2016-7855) and Microsoft has not. Google's policy on zero-day and other critical vulnerabilities it believes are being actively exploited in the wild is to give software makers seven days to issue a patch or advisory. Once that time period elapses, Google discloses the... Read more...
Twitter needs to get a handle on its Promoted Tweets feature and it needs to do it quickly. The problem has to do with vetting, or lack thereof. We don't know how widespread the problem is, but there is at least one Promoted Tweet going around that is nothing more than a phishing scam preying on the desire of Twitter users to have a verified account.The microblogging service previously reserved restricted accounts for Twitter users that it identified on its own as being worthy of such a badge, typically celebrities, famous athletes, popular media personalities, and other prominent users. A little... Read more...
There are many different ways of hacking into a person's email account. Some are rather sophisticated and involve a lot of effort, while on the end of the spectrum a scheme known as phishing is one of the easiest methods—all you need is a cooperative victim with limited technical savvy. Hackers found both in John Podesta, Chairman of the Hillary Clinton presidential campaign.What is even more startling is that hackers found the same in Clinton's IT staff. It now appears that it was not some complex hacking that compromised the security of Podesta's email account, it was the inability to recognize... Read more...
Whether you use Linux at home or manage a Linux server, you'll want to waste no time in making sure your OS is completely up-to-date. An exploit called "Dirty COW" has now been revealed, and while it's not the most dangerous one ever released, the fact that it's been around for nine years is causing some serious alarm throughout the Linux community. If not for the fact that Linux developer Phil Oester was impacted by this exploit, we might still not even know about it. With his own servers, Oester has been capturing all incoming traffic so as to spot issues easier, this one included. While the... Read more...
Maybe he’s the hero the United States “deserves, but not the one it needs right now”. It looks like the United States has its own hacking Dark Knight. American vigilante hacker “The Jester” gained unauthorized access to the Russian Ministry of Foreign Affairs website and left a very interesting message for the Russian government. This past Friday, the Jester hacked into MID.ru, the official website of the Russian Ministry of Foreign Affairs. He found a vulnerability in the website’s code and injected his own code into it. He inserted the shriek of the American civil alert sound (aka "The Emergency... Read more...
So here we go again, another "massive and sustained Internet attack" made possible by a large collection of hacked Internet of Things (IoT) devices, things such as CCTV video cameras, digital video records, all sorts of smart home gadgets with a connection to the Internet, KrebsOnSecurity has determined. This is not the first time it has happened and it won't be the last. The recent attack, an apparent retaliation by WikiLeak supporters after the Obama administration allegedly used its influence to push the Ecuadorian government to cut off Internet access to whistleblower Julian Assange, focused... Read more...
Police in the Czech Republic have arrested a Russian hacker for his suspected involvement in a massive 2012 cyber attack against LinkedIn. LinkedIn had been working with the FBI to track down the individuals responsible for the data breach, which exposed hashed passwords from over 100 million user accounts that were later offered for sale on the "dark web." LinkedIn initially acknowledged the security breach four years ago, though at the time it didn't say how many people were affected by it. Then this past May, a hacker was found attempting to sell LinkedIn account credentials belonging to 117... Read more...
There is a reported flaw present in processors based on Intel's Haswell microarchitecture that could allow attackers to effectively sidestep security roadblocks and install malware onto systems, security researchers warn. The method works on most operating systems, including Windows 10, and unless a fix is issued it could lead to more prominent and potent malware attacks. The researchers who discovered the flaw developed a bypass for Intel's Address Space Layout Randomization (ASLR) technology present on Haswell processors and demonstrated the technique at the IEEE/ACM International Symposium on... Read more...
Getting hit with ransomware, a form of malware that encrypts your files and holds them hostage until you pay the hacker responsible to decrypt them, is no laughing matter, at least if you're the victim. But for cyber crooks becoming ever more brazen, the temptation to taunt victims and security researchers is sometimes too much. That's been the case with the person responsible for the DXXD ransomware. DXXD is a nasty bit of code that's been going after servers for the past couple of weeks. Luckily there are good guys out there that act as security super heroes. One of them is Michael Gillespie,... Read more...
It's the second Tuesday of the month, so that can mean only one thing: Microsoft has some Windows security updates waiting for us. This month, the company has tackled a total of five "Critical" bugs, so it's highly recommended that every Windows user go and update whether you're at home managing one PC or in the enterprise managing thousands. Security research firm Qualys encourages the same, as the entire update package eradicates five 0-day issues. In all, ten security updates were released affecting browsers, Office, GDI+, kernel drivers, the registry, messaging, and... of course, Adobe Flash.... Read more...
Prev 1 2 3 4 5 Next ... Last