Keyword: security

  • A Brain-damaged US President with Finger on the Nuclear Button?

    08/28/2016 4:30:46 PM PDT · by Jyotishi · 45 replies
    New Eastern Outlook, journal-neo.org ^ | August 24, 2016 | F. William Engdahl
    Hillary Rodham Clinton seems to surround herself with more scandals than you can shake a stick at, as we said when I was growing up in Texas. We had the Mena, Arkansas scandals when her husband, Bubba, otherwise known as William Jefferson Clinton, was Attorney General and then Governor. Ambrose Evans Pritchard, the British Telegraph investigative journalist did a masterful documentation of that in his The Secret Life of Bill Clinton, when Bill was President facing impeachment in the 1990's. Then there are the Clinton Foundation scandals documented in the 2015 Peter Schweitzer book, Clinton Cash: The Untold Story of...
  • Another Travel Fiasco Courtesy of the TSA

    08/26/2016 10:32:05 AM PDT · by Tolerance Sucks Rocks · 43 replies
    The Daily Signal ^ | August 19, 2016 | Genevieve Wood
    I have long been a believer that, in most cases, a private company will do a more effective and efficient job than any government agency charged with the same task. My recent travel experience solidified that belief. It all started out with a half-empty water bottle at Ronald Reagan National Airport just outside the District of Columbia. I had checked in the night before, checked my bag at the curbside when I arrived, and now had a full hour to go through security. With Congress gone since late July and much of the District emptied out until Labor Day, I...
  • Ex-SEAL Who Wrote Book On Bin Laden Raid Forfeits $6.8 Million To Settle Criminal Probes

    08/19/2016 3:19:14 PM PDT · by Nero Germanicus · 33 replies
    http://pubx.co/bftjG4 ^ | 8/19/16 | Christopher Drew
    Matt Bissonnette, a former member of Navy SEAL Team 6 who wrote an account of the raid that killed Osama bin Laden, agreed on Friday to forfeit $6.8 million in book royalties and speaking fees and apologized for failing to clear his disclosures with the Pentagon, according to federal court documents.
  • Donald J. Trump Remarks on Creating a New and Better Future for America’s Inner Cities

    08/16/2016 8:39:55 PM PDT · by Ray76 · 82 replies
    DonaldJTrump.com ^ | Aug 16, 2016 | Donald J. Trump
    It’s so great to be here tonight. I am honored to also be joined this evening by Governor Scott Walker, Chairman Reince Priebus, and Mayor Rudy Giuliani. We are at a decisive moment in this election. Last week, I laid out my plan to bring jobs back to our country. Yesterday, I laid out my plan to defeat Radical Islamic Terrorism. Tonight, I am going to talk about how to make our communities safe again from crime and lawlessness. Let me begin by thanking the law enforcement officers here in this city, and across this country, for their service and...
  • (Apple's) Tim Cook: Privacy Is Worth Protecting

    08/15/2016 9:11:07 PM PDT · by Swordmaker · 27 replies
    Information Week Government ^ | August 15, 2016 | By Eric Zeman
    Tim Cook: Privacy Is Worth Protecting Apple CEO Tim Cook leans on the Founding Fathers to suggest the company did the right thing when asked by the FBI to unlock a terrorist's iPhone. It's an issue that affects IT professionals who need to protect company data, as well as consumers and their personal information. Apple caused quite a stir earlier this year when it refused a request from the US Department of Justice to unlock a suspected terrorist's iPhone. At the time, Apple argued that the...
  • Calculating the Costs of Muslim Terrorism: La Braderie, For Example

    08/13/2016 12:04:33 PM PDT · by Tolerance Sucks Rocks · 17 replies
    Jihad Watch ^ | August 9, 2016 | Hugh Fitzgerald
    The mayor of Lille, in northeast France, has just announced the cancellation of La Braderie, the largest flea market in Europe, with 10,000 exhibitors and, last year, 2.5 million visitors. Martine Aubry, the mayor, and a Socialist stalwart, said that the safety of visitors could not be assured – “there are risks we cannot reduce.” By this she meant, of course, risks of an attack by Muslim terrorists. Only once before, during the goose-stepping German occupation, has La Braderie ever been called off. The cancellation of this gigantic event is a severe economic blow to those exhibitors from all over...
  • Google says most users 'protected' against 'Quadrooter' Play Store should spot exploits

    08/11/2016 2:30:21 AM PDT · by Swordmaker · 5 replies
    The Register UK ^ | 10 August 2016, 2:28pm | By Richard Chirgwin
    The “Quadrooter” vulnerabilities in Qualcomm-based Android phones might grant total control over target devices, but Google reckons attacks should hardly ever reach users. The Chocolate Factory reckons the Verify Apps feature in its Play Store was already blocking apps that tried to take advantage of Quadrooter. Only a reckless user would be compromised in the first place, since you'd have to download a compromised app from a non-Google source – and that's where Verify Apps comes in. Google pointed out to Android Central that the four-year-old feature, along with its SafetyNet, was designed to protect users from non-Play Store malice....
  • Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

    08/10/2016 11:44:58 AM PDT · by Swordmaker · 13 replies
    The Register UK ^ | 10 Aug 2016 at 06:56, | By Chris Williams
    Redmond races to revoke Secure Boot debug policy Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder. These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android. What's more, it is believed it will be impossible...
  • Former CIA Director And Hillary Supporter: "We Should Kill Russians And Iranians Covertly"

    08/09/2016 3:17:06 PM PDT · by amorphous · 34 replies
    ZeroHedge ^ | 9 August 2016 | Tyler Durden
    Last Friday, former deputy and acting director of the CIA, Mike Morell became the latest neocon to join the Hillary bandwagon with a NYT Op-Ed titled "I Ran the C.I.A. Now I'm Endorsing Hillary Clinton" in which he not only praised Hillary but slammed Donald Trump, as follows: "Mrs. Clinton is highly qualified to be commander in chief. I trust she will deliver on the most important duty of a president — keeping our nation safe. Second, Donald J. Trump is not only unqualified for the job, but he may well pose a threat to our national security.... In the...
  • 50 G.O.P. Officials Warn Donald Trump Would Put Nation’s Security ‘at Risk’

    08/09/2016 3:49:07 AM PDT · by darkness78 · 108 replies
    New York Times ^ | 8/8/2016 | DAVID E. SANGER and MAGGIE HABERMAN
    Fifty of the nation’s most senior Republican national security officials, many of them former top aides or cabinet members for President George W. Bush, have signed a letter declaring that Donald J. Trump “lacks the character, values and experience” to be president and “would put at risk our country’s national security and well-being.”
  • FBI chief calls for national talk over encryption vs. safety

    08/08/2016 2:17:42 PM PDT · by Swordmaker · 43 replies
    AP Big Story ^ | Aug. 5, 2016 9:53 PM EDT | By PAUL ELIAS
    FBI Director James Comey gestures during an address to the American Bar Association annual meeting SAN FRANCISCO (AP) — The FBI's director said Friday the agency is collecting data to present next year in hopes of sparking a national conversation about law enforcement's increasing inability to access encrypted electronic devices. Speaking Friday at the American Bar Association annual conference in San Francisco, James Comey said the agency was unable to access 650 of 5,000 electronic devices investigators attempted to search over the last 10 months. He said the problem is only going to get worse without a discussion about the...
  • Android bug fear in 900 million phones

    08/08/2016 1:39:53 AM PDT · by Swordmaker · 20 replies
    BBC ^ | August 8, 2016 | By Mark Ward
    The flaws affect devices containing Qualcomm chips Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices. The bugs were uncovered by Checkpoint researchers looking at software running on chipsets made by US firm Qualcomm. Qualcomm processors are found in about 900 million Android phones, the company said. However, there is no evidence of the vulnerabilities currently being used in attacks by cyberthieves. "I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head...
  • Chinese Olympic basketball team caught in the middle of gunfight between armed gangsters..

    08/05/2016 5:55:03 PM PDT · by PROCON · 31 replies
    dailymail.co.uk ^ | Aug. 5, 2016 | ALEXANDER ROBERTSON
    Full Title: Chinese Olympic basketball team caught in the middle of gunfight between armed gangsters and police as they arrive in Rio de Janeiro Chinese athletes found themselves in the middle of a shootout between armed gangsters and police officers after arriving in Rio de Janeiro for the Olympics. A group of basketball players and journalists were being bused to the Olympic Village from Tom Jobin International Airport when the gunfight occurred. The firefight erupted across two highways in the north of the city as the coach was travelling through, catching the Chinese delegation in the middle.
  • Black Hat 2016: Apple iPhone Updates Drub Android Counterparts

    08/05/2016 12:10:06 AM PDT · by Swordmaker · 7 replies
    Investor's Business Daily ^ | August 3, 2016 | By ALLISON GATLIN
    The latest Black Hat security conference is underway in Las Vegas. (AP) LAS VEGAS -- Apple (AAPL) iPhones are drubbing their Android counterparts on the mobile security front, say Atredis Partners founders Shawn Moyer and Josh Thomas. But Apple's dominance isn't necessarily tied to a more potent security posture. "Not that many (Android users) are on the newest release of the OS (operating system)," Thomas said. "It's like Windows 95 out in the wild. ... People are saying Apple is winning security. This is one reason why." The Cupertino, Calif.-based tech giant is better at pushing updates, Thomas and Moyer told a...
  • DHS gives Somali Muslims special airport security tours because they felt harassed and profiled

    08/03/2016 7:46:03 PM PDT · by Rusty0604 · 25 replies
    Jihad Watch ^ | 08/03/2016 | Robert Spencer
    The Obama administration gave Somali Muslims behind-the-scenes tours at the Minneapolis-St. Paul International Airport — the nation’s 17th busiest in terms of passenger traffic — after the group “complained to Homeland Security Secretary Jeh Johnson about feeling harassed and profiled.” Johnson has been consistently failing in his department, which is a key part of U.S. counter-terrorism efforts; and engages our worst enemies in a well-practiced strategy of stealth jihadists of a victimology subterfuge. “The special security tours not offered to any other group” followed round-table dialogue meetings with local Somali leaders to get their feedback for “modifications to practices that...
  • Obama eyes takeover of presidential election security

    08/03/2016 11:26:35 AM PDT · by Nachum · 87 replies
    Washington Examiner ^ | 8/3/2016 | Paul Bedard
    Amid new claims from Republican Donald Trump that the fall election may be "rigged" against him, the Obama administration is considering taking a step toward nationalizing the cyber security of the process, according to Homeland Security Secretary Jeh Johnson. "We should carefully consider whether our election system, our election process, is critical infrastructure like the financial sector, like the power grid," Johnson told a media breakfast Wednesday. "There's a vital national interest in our election process, so I do think we need to consider whether it should be considered by my department and others critical infrastructure," he said at the...
  • America’s Electronic Voting Machines Are Scarily Easy Targets | WIRED

    08/02/2016 5:17:23 PM PDT · by MarchonDC09122009 · 31 replies
    Wired ^ | 08/02/2016 | Brian Barrett
    America’s Electronic Voting Machines Are Scarily Easy Targets | WIRED https://www.wired.com/2016/08/americas-voting-machines-arent-ready-election/ “When people think that people think about doing something major to impact our election results at the voting machine, they think they’d try to switch results,” says Norden, referring to potential software tampering. “But you can do a lot less than that and do a lot of damage… If you have machines not working, or working slowly, that could create lots of problems too, preventing people from voting at all.” The extent of vulnerability isn’t just hypothetical; late last summer, Virginia decertified thousands of insecure WinVote machines. As one...
  • Woman with unsecured server next to toilet mocks Trump for wanting better comms security in military

    08/02/2016 8:50:36 AM PDT · by Sean_Anthony · 15 replies
    Canada Free Press ^ | 08/02/16 | Robert Laurie
    No, really, she is. It feels like everyone has been hacked by foreign operatives lately. Hillary’s campaign got hacked, the DNC got hacked, and hackers are regularly targeting the Pentagon as well as other arms of the federal machine. Even big corporations like Sony pictures are being hacked. So, on Friday, Donald Trump was discussing the idea that maybe, just maybe, we should look into some non-hackable security for military communications. That’s not a radical notion, right? As he put it:
  • Rio Olympics security firm fired, maligned police force takes over

    07/30/2016 7:38:52 PM PDT · by PROCON · 29 replies
    yahoo ^ | July 30, 2016 | Daniel Tran
    Less than a week before the 2016 Rio Olympics are set to start, the Brazil Ministry of Justice terminated its contract with a private firm that was supposed to provide security for the games. The ministry cited “incompetence and irresponsibility” from the Rio de Janeiro-based firm Artel, and moved to strip them of their duties. It’s not hard to see why the Ministry of Justice reacted so harshly. With only a few days left until the first venues are set to open, Artel admitted that they have only hired 500 security personnel. They were supposed to hire 3,400. These staff...
  • Donald Trump to Get National Intelligence Briefings Immediately

    07/29/2016 10:26:26 PM PDT · by 2ndDivisionVet · 63 replies
    The Hollywood Reporter ^ | July 29, 2016 | Ryan Parker
    "There is no stipulation anywhere that requires a security clearance for a presidential candidate. The fact that they're a candidate qualifies them," says James R. Clapper Jr., the director of National Intelligence. Donald Trump will begin to get intelligence briefings now that he is the official GOP candidate for president. Both Trump and Democratic nominee Hillary Clinton will get briefings as soon as next week, James R. Clapper Jr., the director of National Intelligence, said Thursday during the Aspen Security Forum. Although Trump is a notorious tweeter and Clinton has been on the hot seat for her email server, Clapper...
  • Camp Bastion Families Want Answers About Afghanistan

    11/14/2012 3:48:06 AM PST · by Kaslin · 16 replies
    Townhall.com ^ | November 14, 2012 | Michelle Malkin
    While Secretary of State Hillary Clinton boozes it up in Australia and the Pentagon grapples with more floozy eruptions, outraged military families are still waiting for answers about the forgotten 9/14 attack on Camp Bastion. Muckrakers and distraction engineers are having a front-page field day with the so-called "sex scandal." But for surviving relatives and colleagues of heroic Marine Lt. Col. Christopher Raible and Sgt. Bradley Atwell, it's the national security scandal at Afghanistan's Camp Bastion that deserves headline coverage. There's been a virtual blackout of the alarming story in the national press. As I reported last month, the meticulously...
  • The Latest: Trump: Clinton shouldn't get security briefings

    07/27/2016 9:25:07 AM PDT · by 2ndDivisionVet · 29 replies
    KHNL-TV ^ | July 27, 2016 | The Associated Press
    PHILADELPHIA (AP) - The Latest on the Democratic National Convention (all times EDT): 11:55 a.m. Donald Trump says he has a "real problem" with Hillary Clinton's access to security briefings as a presidential nominee, saying she is "probably hacked." Speaking to reporters in Miami Wednesday, Trump suggested that Clinton is a security risk because she used a private email server while secretary of state. The FBI found that government secrets passed through the server in her home when she blended official and personal work. FBI Director Eric Holder said he did not charge Clinton because the probe found no intent...
  • New attack that cripples HTTPS crypto works on Macs, Windows, and Linux (link Only due to ©)

    07/26/2016 1:00:39 PM PDT · by Swordmaker · 11 replies
    Ars Technica | 7/26/2016, 10:14 AM | By DAN GOODIN -
    Due to copyright concerns this will be link only article. Read all about it at the Ars Technica site: New attack that cripples HTTPS crypto works on Macs, Windows, and Linux (link Only due to ©)
  • Hillary Tells Veterans She Takes "nothing more seriously than our security."

    07/25/2016 3:32:31 PM PDT · by AJFavish · 62 replies
    YouTube ^ | July 25, 2016 | Allan J. Favish
    https://www.youtube.com/watch?v=4LLzKEudhgA Listen at 14:09 when Hillary says: "I take nothing more seriously than our security." She did not discuss what the FBI Director said about her private email server, or how her State Department denied our Ambassador in Benghazi additional security, how she and Obama refused to rescue the Americans in Benghazi when lives could have been saved.
  • Anti-Muslim sentiment on rise in Europe due to migration and Isil... (trunc)

    07/24/2016 5:03:25 PM PDT · by Utilizer · 23 replies
    The Telegraph ^ | 12 July 2016 | Peter Foster
    Europe is rejecting the idea that multi-culturalism is beneficial to society following a year in which the migrant crisis and Isil-inspired terror attacks have boosted anti-Muslim sentiment across the continent, a new Europe-wide survey has shown. The data from Pew Research, the leading non-partisan US social attitudes survey company, will serve as another sharp warning to Europe’s political elites about the growing strength of grassroots sentiment over the migration issue.
  • iOS, Mac vulnerabilities allow remote code execution through a single image

    07/22/2016 6:13:51 PM PDT · by Swordmaker · 6 replies
    ZDNet ^ | July 22, 2016 -- 09:59 GMT (02:59 PDT) | By Charlie Osborne
    Researchers have discovered that image files can bury malware, allowing malicious code access without detection. Security flaws which affect both Apple iOS and Mac devices permit attackers to grab your passwords and data, researchers claim. According to researchers from Cisco's Talos, a set of five vulnerabilities, if exploited, could lead to data theft and remote code execution -- which in its worst state may result in device hijacking. The set of bugs, CVE-2016-4631, CVE-2016-4629, CVE-2016-4630, CVE-2016-1850, and CVE-2016-4637, are all caused by how Apple processes image formats. Apple offers APIs as interfaces for accessing image data, and according to Talos,...
  • Dell SonicWall GMS comes with hidden backdoor

    07/20/2016 10:25:23 PM PDT · by Utilizer · 4 replies
    iTnews (AUS) ^ | Jul 21 2016 11:21AM (AUS) | Juha Saarinen
    Researchers have discovered a range of vulnerabilities in Dell's SonicWall Global Management System (GMS) console, including a hidden default account with an easily guessable password. US security vendor Digital Defense said the hidden account can be accessed through a command line interface client that can be downloaded from the console of the GMS web application. Non-administrative users can be added with the command line interface; however, they can log into the web interface and change the password for the admin user. By logging in with the admin user account, attackers using this method can get full control of the GMS,...
  • 'Thousands' of products vulnerable to code hooking abuse

    07/19/2016 5:53:01 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 20 2016 6:29AM (AUS) | Juha Saarinen
    Bad implementation of the low-level code hooking technique by Microsoft and third-party security vendors has left millions of users open to attacks that bypass mitigation measures - some for up to a decade, researchers have found. Hooking is used by different kinds of software to monitor as well as to intercept and change the behaviour of operating system functions, and if needed, to inject code. Security software uses code hooking extensively to check for malicious activity on systems. EnSilo researchers Tomer Bitton and Udi Yavo said they looked at the hooking engines and injection techniques used by more than 15...
  • Fifteen-year-old server-side bug opens up websites

    07/18/2016 5:37:21 PM PDT · by Utilizer · 6 replies
    iTnews (AUS) ^ | Jul 19 2016 6:08AM (AUS) | Juha Saarinen
    A remotely exploitable vulnerability in web application code, first discovered 15 years ago, has returned to haunt server admins who are being urged to take action immediately to avoid being hit. Researchers from New Zealand point of sale software company Vend, Dominic Scheirlink, Richard Rowe, Morgan Pyne and Scott Geary, worked with Red Hat product security staffer Kurt Seifried to document the flaw, which they have nicknamed Httpoxy. On vulnerable applications, the Httpoxy flaw is easily exploitable, the researchers said. Attackers can proxy outgoing HTTP requests and direct the server to open outwards connections to arbitrary IP addresses and transport...
  • Ubuntu user forums hack leaks millions of user details

    07/18/2016 6:41:00 AM PDT · by Utilizer · 5 replies
    iTnews (AUS) ^ | Jul 18 2016 6:27AM | Juha Saarinen
    Canonical, the parent company of popular Linux distribution Ubuntu, has disclosed that its user web forums have suffered a major data breach. Over the weekend, Canonical said that it had come across claims that a third party had a copy of the Ubuntu Forums database. The company was able to verify that a breach had taken place, with a database containing details of two million Ubuntu Forums users being leaked. No "active passwords" were copied over, although the attacker downloaded the random, hashed and salted strings generated by Ubuntu Single Sign On that is used for Forum logins. Canonical shut...
  • Ubuntu Linux forums hacked!

    07/15/2016 6:57:53 PM PDT · by Utilizer · 24 replies
    BetaNews ^ | Published 10 hours ago (that's what it says!) | Brian Fagioli
    There is a common misconception that all things Linux are bulletproof. The fact is, no software is infallible. When news of a Linux vulnerability hits, some Windows and Mac fans like to taunt users of the open source kernel. Sure, it might be in good fun, but it can negatively impact the Linux community's reputation -- a blemish, if you will. Today, Canonical announces that the Ubuntu forums have been hacked. Keep in mind, this does not mean that the operating system has experienced a vulnerability or weakness. The only thing affected are the online forums that people use to...
  • New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes

    07/14/2016 9:41:43 PM PDT · by Utilizer · 20 replies
    DarkReading ^ | 7/11/2016 05:15 PM | Kelly Jackson Higgins
    ... Ransomware variants are multiplying like rabbits: while some are more sophisticated and tougher to combat, others are more about scamming than kidnapping. Take the new Ranscam malware discovered by Cisco’s Talos team, a low-tech but highly destructive attack that demands ransom from its victims but never returns them their files because it actually deleted them. Ranscam isn’t the first ransomware variant to destroy files rather than return them after victims pay up—there’s AnonPop and JIGSAW, for example—but it’s a glaring example of how the ransomware scam itself is so lucrative and easy to pull off that less sophisticated attackers...
  • Maxthon Browser Sends Sensitive Data to China (!)

    07/14/2016 9:33:55 PM PDT · by Utilizer · 9 replies
    SecurityWeek ^ | July 14, 2016 | Eduard Kovacs
    ... Developed by China-based Maxthon International, the browser is available for all major platforms in more than 50 languages. In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online...
  • Dangerous malware discovered in EU energy company

    07/14/2016 9:22:11 PM PDT · by Utilizer · 21 replies
    iTnews (AUS) ^ | Jul 15 2016 10:05AM (AUS) | Staff Writer
    A new piece of sophisticated malware has been discovered on the networks of an unnamed European energy company with what researchers believe is the potential to shut down an energy grid. Endpoint protection firm Sentinel One Labs discovered the malware and dubbed it SFG, revealing it not only collects information on the infected system but opens a backdoor through which a destructive payload could be launched. It affects all versions of Windows and has been produced to overcome next-generation firewalls and anti-virus software. The malware also shuts down when put into a sandboxed environment or a virtual machine to escape...
  • Why Cleveland police, not outside officers, will be handling arrests during RNC

    07/14/2016 1:57:45 PM PDT · by Covenantor · 29 replies
    Cleveland.com ^ | Cory Shaffer
    Why Cleveland Police, Not Outside Officers, Will Be Handling Arrests During RNC CLEVELAND, Ohio -- Thousands of police officers from departments around the country will help Cleveland police provide security during the Republican National Convention, but those police officers won't be arresting anyone. While those officers can detain anyone they feel has broken the law, a Cleveland police officer will actually make the decision whether to make a formal arrest, Deputy Cleveland Police Chief Ed Tomba told cleveland.com Wednesday. Cleveland police will take the lead, partly because it's Cleveland's convention, Tomba said. But it also makes more sense to have...
  • Vulnerability Exploitable via Printer Protocols Affects All Windows Versions

    07/13/2016 9:34:12 PM PDT · by Utilizer · 4 replies
    Softpedia ^ | Jul 12, 2016 21:05 GMT | Catalin Cimpanu
    Microsoft has patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices via a simple mechanism. The vulnerability affects all Windows versions ever released. Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. Exploit executes payload under SYSTEM user By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and...
  • Microsoft Azure Stack won't run on your existing hardware

    07/13/2016 8:43:41 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 4:08PM (AUS) | Juha Saarinen
    Microsoft has revealed its forthcoming Azure Stack won't run on the hardware of customers' choosing, an about-face on its earlier position that the hybrid cloud product would be vendor-agnostic. The company's senior director of cloud platform marketing Mark Jewett today said Azure Stack would only be initially available with hardware from Microsoft partners Hewlett-Packard Enterprise, Dell and Lenovo. Jewett said Microsoft would "prioritise" Azure Stack delivery via "turnkey integrated systems" in the initial general availability release. "We’ve been working with systems vendors on integrated systems for a while now and see this as the best approach to bring Azure innovation...
  • Microsoft blacklists Secure Boot-disabling policies in Windows

    07/12/2016 8:08:46 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 9:00AM (AUS) | Juha Saarinen
    Microsoft's July round of patches fixes a vulnerability that could be used to bypass the Secure Boot protection feature if an attacker simply adds a policy to the target Windows systems. Microsoft mandates Secure Boot on newer PCs designed to run Windows. The feature is implemented in the unified extensible firmware interface (UEFI) code that checks the Windows boot loader before it starts up the operating system, to ensure it is digitally signed by Microsoft. Secure Boot can, however, be bypassed completely by applying a Windows group policy, providing attackers with full access to systems thought to be locked down....
  • TPD: Security guard accused of firing shots in parking garage argument

    07/12/2016 2:48:25 PM PDT · by ChicagoConservative27 · 7 replies
    Another shooting situation caught on camera — this time in Tampa, after a security guard got into an altercation with a group of men leaving the Ybor City parking garage. Everoy Farqharson, 31, employed by private security firm Farqharson confronted victims about urinating in parking garage Farqharson accused of firing gunshots at people in garage Officers arrested security guard Everoy Farqharson and charged him with two counts of aggravated assault with a firearm and battery. He was also charged with tampering with evidence and burglary of a conveyance for unlawfully entering the victim's car and removing shell casings from the...
  • Fugitive son of Detroit Imam arrested in Windsor

    10/29/2009 12:59:50 PM PDT · by Clive · 35 replies · 1,474+ views
    Canwest News Service ^ | 2009-10-29 | Jorge Barrera and Don McArthur
    The fugitive son of an Imam shot dead by U.S. federal agents Wednesday was arrested Thursday in downtown Windsor and in the custody of Canadian border authorities, the FBI said in a statement. Mujahid Carswell, 30, also known as Mujahid Abdullah, was arrested by RCMP officers at about 1 p.m. Thursday without incident after police blocked off a downtown street and surrounded a house with a tactical team. He was witnessed being whisked away in a prisoner transport van and is currently in the custody of the Canada Border Services Agency on immigration violations. Mr. Carswell is the oldest son of...
  • The Hillary Defense

    07/09/2016 8:09:00 AM PDT · by darkwing104 · 6 replies
    The Coach's Team ^ | Saturday, July 9, 2016 | Jim Emerson, staff writer
    This week FBI Director James Comey recommended that the Justice Department not prosecute Hillary Clinton or members of her staff on charges of mishandling classified information. This action highlighted two sets of rules regarding national security--one for senior government officials and one for everyone else. Calling the former secretary of state and her staff was “extremely careless” using a private server and private email accounts for Government work and sending and receiving highly classified information. The FBI found that 110 of her emails contained such classified information. The director made his decision shortly after the agency interviewed Clinton in a...
  • Apple devices held for ransom, rumors claim 40M iCloud accounts hacked

    07/08/2016 10:46:39 PM PDT · by Swordmaker · 4 replies
    CSO ^ | July 8, 2016 | By Steve Ragan
    Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian. Earlier this week, a security professional posted a message to a private email group requesting information related to a possible compromise of at least 40 million iCloud accounts. Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple." The message goes on to state that the alleged breach was conducted by a Russian actor, and...
  • Wendy’s releases list of over 1000 restaurants affected in credit card hack

    07/08/2016 6:54:21 PM PDT · by Utilizer · 47 replies
    whntnews19 ^ | Posted 7:27 pm, July 7, 2016 Updated at 07:34pm, July 7, 2016 | Tribune Media Wire
    Customers who have eaten at Wendy's restaurant and used a debit or credit card to pay for their food are being encouraged to check their statements and read more information on a cyber breach found at some franchise-owned restaurants. Alabama restaurants include five in Huntsville; two in Madison, and one each in Cullman, Decatur, Evergreen, Greenville, Guntersville, Jasper, Mobile, Rainsville, Scottsboro and Selma. Click for locations near you. Wendy's Company first reported unusual payment card activity in February 2016, and believes the activity may have occurred as early as October 2015. Then, on June 9, 2016, company officials reported that...
  • Russian Hackers Targeting iOS Device Users with Ransom Attacks

    07/08/2016 4:47:00 PM PDT · by Swordmaker · 7 replies
    AppAdvice ^ | July 8, 2016 | by Brent Dirks
    Protect yourself with two-factor authentication. Salted Hash, a security blog from CSO, recently provided more details about the scam. Hackers first need to acquire a compromised Apple ID by phishing, social engineering, data breach, or other method: From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it. In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email...
  • Chinese ad firm is behind HummingBad Android malware

    07/07/2016 10:43:22 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 6 2016 2:47PM (AUS) | Staff Writer
    A malicious, criminal division of an otherwise legitimate Chinese tech company is behind a mobile malware distribution campaign that currently generates around US$300,000 a month, according to security researchers. Check Point this week published an in-depth threat analysis [pdf] following a five-month investigation into malware dubbed HummingBad, which was originally discovered in February. It is known to root Android devices, primarily for the purpose of generating revenue through fake ad clicks and fraudulent app installations. Check Point claims that Yingmob, a Chinese mobile ad server and analytics business, is developing and distributing the malware through a special corporate division of...
  • Mac malware gives attackers backdoor into OS X

    07/07/2016 10:11:59 PM PDT · by Utilizer · 11 replies
    iTnews (AUS) ^ | Jul 7 2016 3:36PM (AUS) | Staff Writer
    A newly discovered malware capable of cyber espionage and remote takeover is targeting Apple Mac computers, delivering its payload by opening up a backdoor connection to a command-and-control web server via the encrypted Tor network. Named Eleanor (or Backdoor.MAC.Eleanor), the malware arrives disguised as a drag-and-drop file conversion application called the EasyDoc Converter. The application is found on many credible third-party sites, according to an analysis from Bitdefender, whose security researchers uncovered the malware. The program is neither verified nor digitally signed by Apple. In reality, the program's true purpose is far more malevolent, granting attackers a backdoor connection that...
  • Symantec scrambles to patch severe holes in 26 products

    07/06/2016 10:19:36 PM PDT · by Utilizer · 27 replies
    iTnews (AUS) ^ | Jun 29 2016 12:09PM | Juha Saarinen
    Symantec enterprise and Norton security product users are being urged to patch their applications immediately after multiple dangerous vulnerabilities were discovered. The security firm has advised that 17 enterprise security products and nine Norton consumer offerings are affected. Google Project Zero researcher Tavis Ormandy discovered the flaws. The most serious is that the products unpack compressed executables in the operating system kernel to analyse them for malicious code. He said this dangerous practice means the vulnerability can be exploited by simply sending a link or an email - users don't need to do anything to activate an attack.
  • Design flaw breaks Android storage encryption

    07/06/2016 9:49:42 PM PDT · by Utilizer · 15 replies
    iTnews (AUS) ^ | Jul 5 2016 10:40AM | Juha Saarinen
    The full disk encryption used to safeguard information stored on Google Android devices can be broken, an independent researcher has found. Gal Beniamini spent several years analysing the TrustZone platform found on Qualcomm chipsets, and utilised previously gained knowledge to run code that is able to extract the encryption keys used to scramble stored data on Android devices. The researcher discovered that encryption keys derived from the TrustZone feature could be extracted by software and cracked by brute force outside the Android devices, thus bypassing security mechanisms that limit the number of password guesses that can be made.
  • HummingBad: Chinese malware infects 10 million Android devices, experts warn

    07/05/2016 8:03:35 PM PDT · by Utilizer · 6 replies
    News (.com .au) ^ | July 6, 2016 11:31am (AUS) | Matthew Dunn
    Cybersecurity specialist Check Point has been tracking the malware called HummingBad since its discovery in February and claim there has been a spike in infected devices. In a new report, Check Point said the malware was a multistage attack chain with two main components, which first infected Androids when people visited certain websites. “The first component attempts to gain root access on a device with a rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” the report read. “If rooting fails, a second component uses a fake system update notification, tricking users into granting...
  • Lenovo hunts BIOS backdoor bandits

    07/05/2016 7:32:33 PM PDT · by Utilizer · 12 replies
    iTnews (AUS) ^ | Jul 6 2016 6:06AM (AUS) | Juha Saarinen
    PC giant Lenovo has launched an investigation with Intel to find out which of its suppliers introduced the recently-disclosed BIOS level "ThinkPwn" vulnerability that allows attackers to bypass hardware protections on the company's ThinkPad laptops and other computers. Researcher Dmytro Oleksiuk discovered a flaw that allowed arbitrary code execution using the Intel system management mode (SMM) feature in processors. The exploit is able to bypass the write protection in PCs' flash memory, and in turn disable the Unified Extensible Firmware Interface (UEFI) Secure Boot, and the Windows 10 Enterprise Credentials Guard security feature. Oleksiuk also found suspicious SMM code in...