Free Republic 3rd Quarter Fundraising Target: $88,000 Receipts & Pledges to-date: $29,554
33%  
Woo hoo!! And the first 33% is in!! Thank you all very much!! God bless.

Keyword: security

Brevity: Headers | « Text »
  • The Latest: Trump: Clinton shouldn't get security briefings

    07/27/2016 9:25:07 AM PDT · by 2ndDivisionVet · 29 replies
    KHNL-TV ^ | July 27, 2016 | The Associated Press
    PHILADELPHIA (AP) - The Latest on the Democratic National Convention (all times EDT): 11:55 a.m. Donald Trump says he has a "real problem" with Hillary Clinton's access to security briefings as a presidential nominee, saying she is "probably hacked." Speaking to reporters in Miami Wednesday, Trump suggested that Clinton is a security risk because she used a private email server while secretary of state. The FBI found that government secrets passed through the server in her home when she blended official and personal work. FBI Director Eric Holder said he did not charge Clinton because the probe found no intent...
  • New attack that cripples HTTPS crypto works on Macs, Windows, and Linux (link Only due to ©)

    07/26/2016 1:00:39 PM PDT · by Swordmaker · 11 replies
    Ars Technica | 7/26/2016, 10:14 AM | By DAN GOODIN -
    Due to copyright concerns this will be link only article. Read all about it at the Ars Technica site: New attack that cripples HTTPS crypto works on Macs, Windows, and Linux (link Only due to ©)
  • Hillary Tells Veterans She Takes "nothing more seriously than our security."

    07/25/2016 3:32:31 PM PDT · by AJFavish · 62 replies
    YouTube ^ | July 25, 2016 | Allan J. Favish
    https://www.youtube.com/watch?v=4LLzKEudhgA Listen at 14:09 when Hillary says: "I take nothing more seriously than our security." She did not discuss what the FBI Director said about her private email server, or how her State Department denied our Ambassador in Benghazi additional security, how she and Obama refused to rescue the Americans in Benghazi when lives could have been saved.
  • Anti-Muslim sentiment on rise in Europe due to migration and Isil... (trunc)

    07/24/2016 5:03:25 PM PDT · by Utilizer · 23 replies
    The Telegraph ^ | 12 July 2016 | Peter Foster
    Europe is rejecting the idea that multi-culturalism is beneficial to society following a year in which the migrant crisis and Isil-inspired terror attacks have boosted anti-Muslim sentiment across the continent, a new Europe-wide survey has shown. The data from Pew Research, the leading non-partisan US social attitudes survey company, will serve as another sharp warning to Europe’s political elites about the growing strength of grassroots sentiment over the migration issue.
  • iOS, Mac vulnerabilities allow remote code execution through a single image

    07/22/2016 6:13:51 PM PDT · by Swordmaker · 6 replies
    ZDNet ^ | July 22, 2016 -- 09:59 GMT (02:59 PDT) | By Charlie Osborne
    Researchers have discovered that image files can bury malware, allowing malicious code access without detection. Security flaws which affect both Apple iOS and Mac devices permit attackers to grab your passwords and data, researchers claim. According to researchers from Cisco's Talos, a set of five vulnerabilities, if exploited, could lead to data theft and remote code execution -- which in its worst state may result in device hijacking. The set of bugs, CVE-2016-4631, CVE-2016-4629, CVE-2016-4630, CVE-2016-1850, and CVE-2016-4637, are all caused by how Apple processes image formats. Apple offers APIs as interfaces for accessing image data, and according to Talos,...
  • Dell SonicWall GMS comes with hidden backdoor

    07/20/2016 10:25:23 PM PDT · by Utilizer · 4 replies
    iTnews (AUS) ^ | Jul 21 2016 11:21AM (AUS) | Juha Saarinen
    Researchers have discovered a range of vulnerabilities in Dell's SonicWall Global Management System (GMS) console, including a hidden default account with an easily guessable password. US security vendor Digital Defense said the hidden account can be accessed through a command line interface client that can be downloaded from the console of the GMS web application. Non-administrative users can be added with the command line interface; however, they can log into the web interface and change the password for the admin user. By logging in with the admin user account, attackers using this method can get full contol of the GMS,...
  • 'Thousands' of products vulnerable to code hooking abuse

    07/19/2016 5:53:01 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 20 2016 6:29AM (AUS) | Juha Saarinen
    Bad implementation of the low-level code hooking technique by Microsoft and third-party security vendors has left millions of users open to attacks that bypass mitigation measures - some for up to a decade, researchers have found. Hooking is used by different kinds of software to monitor as well as to intercept and change the behaviour of operating system functions, and if needed, to inject code. Security software uses code hooking extensively to check for malicious activity on systems. EnSilo researchers Tomer Bitton and Udi Yavo said they looked at the hooking engines and injection techniques used by more than 15...
  • Fifteen-year-old server-side bug opens up websites

    07/18/2016 5:37:21 PM PDT · by Utilizer · 6 replies
    iTnews (AUS) ^ | Jul 19 2016 6:08AM (AUS) | Juha Saarinen
    A remotely exploitable vulnerability in web application code, first discovered 15 years ago, has returned to haunt server admins who are being urged to take action immediately to avoid being hit. Researchers from New Zealand point of sale software company Vend, Dominic Scheirlink, Richard Rowe, Morgan Pyne and Scott Geary, worked with Red Hat product security staffer Kurt Seifried to document the flaw, which they have nicknamed Httpoxy. On vulnerable applications, the Httpoxy flaw is easily exploitable, the researchers said. Attackers can proxy outgoing HTTP requests and direct the server to open outwards connections to arbitrary IP addresses and transport...
  • Ubuntu user forums hack leaks millions of user details

    07/18/2016 6:41:00 AM PDT · by Utilizer · 5 replies
    iTnews (AUS) ^ | Jul 18 2016 6:27AM | Juha Saarinen
    Canonical, the parent company of popular Linux distribution Ubuntu, has disclosed that its user web forums have suffered a major data breach. Over the weekend, Canonical said that it had come across claims that a third party had a copy of the Ubuntu Forums database. The company was able to verify that a breach had taken place, with a database containing details of two million Ubuntu Forums users being leaked. No "active passwords" were copied over, although the attacker downloaded the random, hashed and salted strings generated by Ubuntu Single Sign On that is used for Forum logins. Canonical shut...
  • Ubuntu Linux forums hacked!

    07/15/2016 6:57:53 PM PDT · by Utilizer · 24 replies
    BetaNews ^ | Published 10 hours ago (that's what it says!) | Brian Fagioli
    There is a common misconception that all things Linux are bulletproof. The fact is, no software is infallible. When news of a Linux vulnerability hits, some Windows and Mac fans like to taunt users of the open source kernel. Sure, it might be in good fun, but it can negatively impact the Linux community's reputation -- a blemish, if you will. Today, Canonical announces that the Ubuntu forums have been hacked. Keep in mind, this does not mean that the operating system has experienced a vulnerability or weakness. The only thing affected are the online forums that people use to...
  • New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes

    07/14/2016 9:41:43 PM PDT · by Utilizer · 20 replies
    DarkReading ^ | 7/11/2016 05:15 PM | Kelly Jackson Higgins
    ... Ransomware variants are multiplying like rabbits: while some are more sophisticated and tougher to combat, others are more about scamming than kidnapping. Take the new Ranscam malware discovered by Cisco’s Talos team, a low-tech but highly destructive attack that demands ransom from its victims but never returns them their files because it actually deleted them. Ranscam isn’t the first ransomware variant to destroy files rather than return them after victims pay up—there’s AnonPop and JIGSAW, for example—but it’s a glaring example of how the ransomware scam itself is so lucrative and easy to pull off that less sophisticated attackers...
  • Maxthon Browser Sends Sensitive Data to China (!)

    07/14/2016 9:33:55 PM PDT · by Utilizer · 9 replies
    SecurityWeek ^ | July 14, 2016 | Eduard Kovacs
    ... Developed by China-based Maxthon International, the browser is available for all major platforms in more than 50 languages. In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online...
  • Dangerous malware discovered in EU energy company

    07/14/2016 9:22:11 PM PDT · by Utilizer · 21 replies
    iTnews (AUS) ^ | ul 15 2016 10:05AM (AUS) | Staff Writer
    A new piece of sophisticated malware has been discovered on the networks of an unnamed European energy company with what researchers believe is the potential to shut down an energy grid. Endpoint protection firm Sentinel One Labs discovered the malware and dubbed it SFG, revealing it not only collects information on the infected system but opens a backdoor through which a destructive payload could be launched. It affects all versions of Windows and has been produced to overcome next-generation firewalls and anti-virus software. The malware also shuts down when put into a sandboxed environment or a virtual machine to escape...
  • Why Cleveland police, not outside officers, will be handling arrests during RNC

    07/14/2016 1:57:45 PM PDT · by Covenantor · 29 replies
    Cleveland.com ^ | Cory Shaffer
    Why Cleveland Police, Not Outside Officers, Will Be Handling Arrests During RNC CLEVELAND, Ohio -- Thousands of police officers from departments around the country will help Cleveland police provide security during the Republican National Convention, but those police officers won't be arresting anyone. While those officers can detain anyone they feel has broken the law, a Cleveland police officer will actually make the decision whether to make a formal arrest, Deputy Cleveland Police Chief Ed Tomba told cleveland.com Wednesday. Cleveland police will take the lead, partly because it's Cleveland's convention, Tomba said. But it also makes more sense to have...
  • Vulnerability Exploitable via Printer Protocols Affects All Windows Versions

    07/13/2016 9:34:12 PM PDT · by Utilizer · 4 replies
    Softpedia ^ | Jul 12, 2016 21:05 GMT | Catalin Cimpanu
    Microsoft has patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices via a simple mechanism. The vulnerability affects all Windows versions ever released. Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. Exploit executes payload under SYSTEM user By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and...
  • Microsoft Azure Stack won't run on your existing hardware

    07/13/2016 8:43:41 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 4:08PM (AUS) | Juha Saarinen
    Microsoft has revealed its forthcoming Azure Stack won't run on the hardware of customers' choosing, an about-face on its earlier position that the hybrid cloud product would be vendor-agnostic. The company's senior director of cloud platform marketing Mark Jewett today said Azure Stack would only be initially available with hardware from Microsoft partners Hewlett-Packard Enterprise, Dell and Lenovo. Jewett said Microsoft would "prioritise" Azure Stack delivery via "turnkey integrated systems" in the initial general availability release. "We’ve been working with systems vendors on integrated systems for a while now and see this as the best approach to bring Azure innovation...
  • Microsoft blacklists Secure Boot-disabling policies in Windows

    07/12/2016 8:08:46 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 9:00AM (AUS) | Juha Saarinen
    Microsoft's July round of patches fixes a vulnerability that could be used to bypass the Secure Boot protection feature if an attacker simply adds a policy to the target Windows systems. Microsoft mandates Secure Boot on newer PCs designed to run Windows. The feature is implemented in the unified extensible firmware interface (UEFI) code that checks the Windows boot loader before it starts up the operating system, to ensure it is digitally signed by Microsoft. Secure Boot can, however, be bypassed completely by applying a Windows group policy, providing attackers with full access to systems thought to be locked down....
  • TPD: Security guard accused of firing shots in parking garage argument

    07/12/2016 2:48:25 PM PDT · by ChicagoConservative27 · 7 replies
    Another shooting situation caught on camera — this time in Tampa, after a security guard got into an altercation with a group of men leaving the Ybor City parking garage. Everoy Farqharson, 31, employed by private security firm Farqharson confronted victims about urinating in parking garage Farqharson accused of firing gunshots at people in garage Officers arrested security guard Everoy Farqharson and charged him with two counts of aggravated assault with a firearm and battery. He was also charged with tampering with evidence and burglary of a conveyance for unlawfully entering the victim's car and removing shell casings from the...
  • Fugitive son of Detroit Imam arrested in Windsor

    10/29/2009 12:59:50 PM PDT · by Clive · 35 replies · 1,474+ views
    Canwest News Service ^ | 2009-10-29 | Jorge Barrera and Don McArthur
    The fugitive son of an Imam shot dead by U.S. federal agents Wednesday was arrested Thursday in downtown Windsor and in the custody Canadian border authorities, the FBI said in a statement. Mujahid Carswell, 30, also known as Mujahid Abdullah, was arrested by RCMP officers at about 1 p.m. Thursday without incident after police blocked off a downtown street and surrounded a house with a tactical team. He was witnessed being whisked away in a prisoner transport van and is currently in the custody of the Canada Border Services Agency on immigration violations. Mr. Carswell is the oldest son of...
  • The Hillary Defense

    07/09/2016 8:09:00 AM PDT · by darkwing104 · 6 replies
    The Coach's Team ^ | Saturday, July 9, 2016 | Jim Emerson, staff writer
    This week FBI Director James Comey recommended that the Justice Department not prosecute Hillary Clinton or members of her staff on charges of mishandling classified information. This action highlighted two sets of rules regarding national security--one for senior government officials and one for everyone else. Calling the former secretary of state and her staff was “extremely careless” using a private server and private email accounts for Government work and sending and receiving highly classified information. The FBI found that 110 of her emails contained such classified information. The director made his decision shortly after the agency interviewed Clinton in a...
  • Apple devices held for ransom, rumors claim 40M iCloud accounts hacked

    07/08/2016 10:46:39 PM PDT · by Swordmaker · 4 replies
    CSO ^ | July 8, 2016 | By Steve Ragan
    p>Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian.Earlier this week, a security professional posted a message to a private email group requesting information related a possible compromise of at least 40 million iCloud accounts.Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."How to respond to ransomware threatsThe message goes on to state that the alleged breach was conducted by a Russian actor, and...
  • Wendy’s releases list of over 1000 restaurants affected in credit card hack

    07/08/2016 6:54:21 PM PDT · by Utilizer · 47 replies
    whntnews19 ^ | Posted 7:27 pm, July 7, 2016 Updated at 07:34pm, July 7, 2016 | Tribune Media Wire
    Customers who have eaten at Wendy's restaurant and used a debit or credit card to pay for their food are being encouraged to check their statements and read more information on a cyber breach found at some franchise-owned restaurants. Alabama restaurants include five in Huntsville; two in Madison, and one each in Cullman, Decatur, Evergreen, Greenville, Guntersville, Jasper, Mobile, Rainsville, Scottsboro and Selma. Click for locations near you. Wendy's Company first reported unusual payment card activity in February 2016, and believes the activity may have occurred as early as October 2015. Then, on June 9, 2016, company officials reported that...
  • Russian Hackers Targeting iOS Device Users with Ransom Attacks

    07/08/2016 4:47:00 PM PDT · by Swordmaker · 7 replies
    AppAdvice ^ | July 8, 2016 | by Brent Dirks
    Protect yourself with two-factor authentication Salted Hash, a security blog from CSO, recently provided more details about the scam. Hackers first need to acquire a compromised an Apple ID by phishing, social engineering, data breach, or other method: From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email...
  • Chinese ad firm is behind HummingBad Android malware

    07/07/2016 10:43:22 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 6 2016 2:47PM (AUS) | Staff Writer
    A malicious, criminal division of an otherwise legitimate Chinese tech company is behind a mobile malware distribution campaign that currently generates around US$300,000 a month, according to security researchers. Check Point this week published an in-depth threat analysis [pdf] following a five-month investigation into malware dubbed HummingBad, which was originally discovered in February. It is known to root Android devices, primarily for the purpose of generating revenue through fake ad clicks and fraudulent app installations. Check Point claims that Yingmob, a Chinese mobile ad server and analytics business, is developing and distributing the malware through a special corporate division of...
  • Mac malware gives attackers backdoor into OS X

    07/07/2016 10:11:59 PM PDT · by Utilizer · 11 replies
    iTnews (AUS) ^ | Jul 7 2016 3:36PM (AUS) | Staff Writer
    A newly discovered malware capable of cyber espionage and remote takeover is targeting Apple Mac computers, delivering its payload by opening up a backdoor connection to a command-and-control web server via the encrypted Tor network. Named Eleanor (or Backdoor.MAC.Eleanor), the malware arrives disguised as a drag-and-drop file conversion application called the EasyDoc Converter. The application is found on many credible third-party sites, according to an analysis from Bitdefender, whose security researchers uncovered the malware. The program is neither verified nor digitally signed by Apple. In reality, the program's true purpose is far more malevolent, granting attackers a backdoor connection that...
  • Symantec scrambles to patch severe holes in 26 products

    07/06/2016 10:19:36 PM PDT · by Utilizer · 27 replies
    iTnews (AUS) ^ | Jun 29 2016 12:09PM | Juha Saarinen
    Symantec enterprise and Norton security product users are being urged to patch their applications immediately after multiple dangerous vulnerabilities were discovered. The security firm has advised that 17 enterprise security products and nine Norton consumer offerings are affected. Google Project Zero researcher Tavis Ormandy discovered the flaws. The most serious is that the products unpack compressed executables in the operating system kernel to analyse them for malicious code. He said this dangerous practice means the vulnerability can be exploited by simply sending a link or an email - users don't need to do anything to activate an attack.
  • Design flaw breaks Android storage encryption

    07/06/2016 9:49:42 PM PDT · by Utilizer · 15 replies
    iTnews (AUS) ^ | Jul 5 2016 10:40AM | Juha Saarinen
    The full disk encryption used to safeguard information stored on Google Android devices can be broken, an independent researcher has found. Gal Beniamini spent several years analysing the TrustZone platform found on Qualcomm chipsets, and utilised previously gained knowledge to run code that is able to extract the encryption keys used to scramble stored data on Android devices. The researcher discovered that encryption keys derived from the TrustZone feature could be extracted by software and cracked by brute force outside the Android devices, thus bypassing security mechanisms that limit the number of password guesses that can be made.
  • HummingBad: Chinese malware infects 10 million Android devices, experts warn

    07/05/2016 8:03:35 PM PDT · by Utilizer · 6 replies
    News (.com .au) ^ | July 6, 201611:31am (AUS) | Matthew Dunn
    Cybersecurity specialist Check Point has been tracking the malware called HummingBad since its discovery in February and claim there has been a spike in infected devices. In a new report, Check Point said the malware was a multistage attack chain with two main components, which first infected Androids when people visited certain websites. “The first component attempts to gain root access on a device with a rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” the report read. “If rooting fails, a second component uses a fake system update notification, tricking users into granting...
  • Lenovo hunts BIOS backdoor bandits

    07/05/2016 7:32:33 PM PDT · by Utilizer · 12 replies
    iTnews (AUS) ^ | Jul 6 2016 6:06AM (AUS) | Juha Saarinen
    PC giant Lenvo has launched an investigation with Intel to find out which of its suppliers introduced the recently-disclosed BIOS level "ThinkPwn" vulnerability that allows attackers to bypass hardware protections on the company's ThinkPad laptops and other computers. Researcher Dmytro Oleksiuk discovered a flaw that allowed arbitrary code execution using the Intel system management mode (SMM) feature in processors. The exploit is able to bypass the write protection in PCs' flash memory, and in turn disable the Unified Extensible Firmware Interface (UEFI) Secure Boot, and the Windows 10 Enterprise Credentials Guard security feature. Oleksiuk also found suspicious SMM code in...
  • Lenovo scrambling to get a fix for BIOS vuln

    07/04/2016 7:04:05 PM PDT · by Utilizer · 19 replies
    The Register ^ | 4 Jul 2016 at 02:04 | Richard Chirgwin
    Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.” The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.
  • What you need to know about driving on Interstate 95 during the DNC

    07/02/2016 10:11:33 PM PDT · by Tolerance Sucks Rocks · 21 replies
    The Philadelphia Inquirer ^ | June 24, 2016 | Emily Babay
    Motorists on Interstate 95 during the Democratic National Convention should be prepared for weight restrictions and ramp closures. PennDot has outlined what drivers on the interstate should expect before, during and after the DNC, which will be held July 25-28 at the Wells Fargo Center in South Philadelphia. Here's what you need to know: Open to passenger vehicles Like other highways in the area, I-95 will be open to passenger vehicles. No vehicles weighing more than 5 tons Vehicles that weigh more than five tons won't be permitted on I-95 between Exit 13 (for Interstate 76 West/Route 291/Valley Forge) and...
  • Eight Reasons Why We Face a National Security Problem

    07/02/2016 8:08:48 AM PDT · by Kaslin · 17 replies
    Townhall.com ^ | July 2, 2016 | David Grantham
    John Kerry called the Istanbul airport attack a sign of desperation on the part of ISIS. The following observations suggest American leaders are the ones desperately clinging to failed strategies.1. Choosing symbolism over substance: Whether or not expressed explicitly, the administration demands uniformity of thought and diversity in appearance. As a result, upwards of 200 military officers have been “purged” for failing to acquiesce to a rudderless national security strategy that, among other things, subjects the military to costly and fruitless social engineering projects. A dangerous future awaits a country that diverts defense spending to that which offers no measurable...
  • Shocking: Disabled Teen Returning From St. Jude's Hospital Bloodied and Arrested by TSA

    07/01/2016 3:24:27 PM PDT · by lowbridge · 164 replies
    PJ Media ^ | July 1, 2016 | Julie Prince
    Getting through the line at the TSA can be a long and uncomfortable process. For one Chattanooga teen and her mother, the process turned into a scary nightmare. 19-year-old Hannah Cohen was returning home from St. Jude's Hospital with her mother for treatment of her brain tumor (a trip they had made for 17 years), when Hannah somehow set off the metal detector at the security checkpoint. TSA wanted to do a further scan on Hannah, but she was reluctant. Hannah's mother, Shirley Cohen, tried to inform the agents that her daughter was disabled. She is partially deaf and blind...
  • Talk Of Moving TSA Checkpoints Outside

    06/30/2016 10:24:40 AM PDT · by C19fan · 59 replies
    CBS DFW ^ | June 29, 2016 | Andrea Lucia
    Show your ID, take off your shoes, hand over the carry-on and maybe, just maybe, get a pat-down! TSA checkpoints are a hassle travelers have come to accept, but new layers of security could further test your patience.
  • Microsoft to make saying no to Windows 10 update easier

    06/30/2016 12:15:46 AM PDT · by Utilizer · 22 replies
    ZDNet ^ | June 28, 2016 | Mary Jo Foley
    Microsoft officials said late on June 27 that the new update experience -- with clearer "upgrade now, schedule a time, or decline the free offer" -- will start rolling out this week. Microsoft will also revert to making clicking on the Red X at the corner of the Windows 10 update box dismiss the update, rather than initiate it, as it has done for the past several weeks. Microsoft officials said they are making the change "in response to customer feedback". Update: Here's the full, updated statement from Microsoft about the coming change, attributable to Executive Vice President of Windows...
  • This malware pretends to be WhatsApp, Uber and Google Play

    06/29/2016 10:38:17 PM PDT · by Utilizer · 6 replies
    CSO ^ | Jun 29, 2016 4:56 AM PT | Michael Kan
    Hackers are stealing credit card information in Europe with malware that can spoof the user interfaces of Uber, WhatsApp and Google Play. The malware, which has struck Android users in Denmark, Italy and Germany, has been spreading through a phishing campaign over SMS (short message service), security vendor FireEye said on Tuesday. Once downloaded, the malware will create fake user interfaces on the phone as an “overlay” on top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.
  • Trump Spokeswoman: ‘We’re Not Going to Base National Security Off PolitiFact, or Even the UN’

    06/28/2016 7:08:40 AM PDT · by Olog-hai · 31 replies
    Cybercast News Service ^ | June 28, 2016 | 4:28 AM EDT | Patrick Goodenough
    A Donald Trump campaign spokeswoman sparred with a CNN anchor Monday over the process for vetting Syrian refugees, and when the journalist cited a fact-checking website’s assessment of the process the spokeswoman retorted, “We’re not going to base national security off PolitiFact, or even the United Nations.” CNN’s Brianna Keilar questioned Trump spokeswoman Katrina Pierson about how the presumptive Republican candidate would like to change the existing process used to vet refugees ahead of resettlement in the U.S. In doing so, Keilar paraphrased an excerpt from a recent PolitiFact article, which examined Trump’s claim that there was “no system to...
  • Intel x86s hide another CPU that can take over your machine (you can't audit it)

    06/25/2016 9:26:23 PM PDT · by Enlightened1 · 15 replies
    Bing Bong ^ | 06/15/16 | Damien Zammit
    Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late. The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for...
  • Godless Apps Seem in Google Play, 90% of Android Phones at Risk

    06/24/2016 9:26:33 PM PDT · by Utilizer · 4 replies
    OppTrends ^ | June 24, 2016 | Ali Raza
    A new family of malicious apps, most of which were available on the Google Play Store, all containing malicious codes have been detected by a group of security researchers. The Godless apps are believed to be able secretly to root 90 percent of all Android phones. AntiVirus provider, Trend Micro wrote in a recent blog post that they had discovered a new family of malicious apps. The apps called, Godless, contains a collection of the rooting exploits that can work on any device which is running the Android version 5.1 and below. This means that close to 90 percent of...
  • Federal Judge Strikes Down Security Buffer Zone for GOP Convention

    06/24/2016 7:20:49 AM PDT · by wtd · 20 replies
    Washington Free Beacon ^ | June 23, 2016 | Bryan Stascavage
    Federal Judge Strikes Down Security Buffer Zone for GOP Convention A federal judge found unconstitutional a heightened-security area proposed to surround the Republican National Convention in Cleveland, Ohio on Thursday, saying the 3.5 square mile “event zone” unfairly restricted free speech.
  • HTML5 Ads Aren't That Safe Compared To Flash, Experts Say

    06/23/2016 10:08:42 PM PDT · by Utilizer · 8 replies
    SOFTPEDIA® ^ | Jun 23, 2016 21:05 GMT | Catalin Cimpanu
    A study from GeoEdge, an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The evidence exists to proclaim Flash as one of today's most vulnerable and insecure software applications. Targeted in cyber-espionage and malvertising campaigns, Flash has gotten a bad reputation, and for a good reason. HTML5 ads are replacing Flash ads in the industry Security researchers have discovered vulnerabilities in Flash almost every month, and...
  • Federal Judge Throws Out Cleveland’s GOP Convention Security Plan

    06/23/2016 11:25:53 AM PDT · by Sub-Driver · 64 replies
    Federal Judge Throws Out Cleveland’s GOP Convention Security Plan Byron Tau June 23, 2016 1:37 p.m. ET CLEVELAND—A federal judge on Thursday struck down the city of Cleveland’s rules limiting protests during next month’s Republican National Convention, finding the city’s strict security regulations violated the U.S. Constitution. U.S. District Court Judge James Gwin ruled the city’s establishment of a large zone around the July convention site within which protesters’ ability to demonstrate would be strictly limited contravened the Constitution’s guarantees of the freedom of speech and assembly. “Under the First Amendment, I do find that the city hasn't sufficiently, narrowly...
  • Emails: Key security features disabled on Clinton's server

    06/22/2016 1:59:31 PM PDT · by detective · 42 replies
    Yahoo News ^ | June 22, 2016 | MICHAEL BIESECKER and TED BRIDIS
    State Department staffers wrestled for weeks in December 2010 over a serious technical problem with then-Secretary Hillary Clinton's home email server, causing them to temporarily disable security features that left the server more vulnerable to hackers, according to emails released Wednesday. Just weeks later, according to previously disclosed emails, hackers attacked the server, forcing Clinton's staff to shut it down. The next day, one of Clinton's closest aides, Huma Abedin, wrote to other high ranking staff: "Don't email hrc (Clinton) anything sensitive. I can explain more in person." The emails were released under court order Wednesday to the conservative legal...
  • EMAILS: KEY SECURITY FEATURES DISABLED ON CLINTON'S SERVER

    06/22/2016 1:03:23 PM PDT · by safetysign · 130 replies
    Associated Press ^ | 07/22/2016 | Michael Biesecker and Ted Bridis
    <p>WASHINGTON (AP) -- Newly released emails show State Department staffers wrestled in December 2010 over a serious technical problem with then-Secretary of State Hillary Clinton's home email server. They temporarily disabled security features, which left the server more vulnerable to hackers. Weeks later, hackers attacked the server so seriously it was shut down.</p>
  • Online backup firm Carbonite tells users to change their passwords now

    06/21/2016 7:15:50 PM PDT · by Utilizer · 24 replies
    grahamcluley website ^ | June 21, 2016 8:32 pm | Graham Cluley
    Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result. An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches. ... Nobody is keen for a hacker to break into their online accounts, but it's especially important when what's being protected by your account is your computer backup. If a hacker were able to gain access to your online backup they could...
  • Citrix issues password reset after GoToMyPC hack

    06/20/2016 7:55:43 PM PDT · by Utilizer · 21 replies
    iTnews (.com.au) ^ | Jun 21 2016 9:00AM (AUS) | uha Saarinen
    Software vendor Citrix is asking all customers to reset their passwords for the GoToMyPC remote access service after it suffered what appears to be a full credentials compromise. In its advisory, Citrix said the GoToMyPC service had "unfortunately" been targeted by "a very sophisticated password attack". Citrix provided no further details of the hack, but apologised "for the frustration this is causing".
  • Kill Flash now. Or patch these 36 vulnerabilities. Your choice

    06/18/2016 10:08:56 AM PDT · by Utilizer · 26 replies
    The Register ^ | 16 Jun 2016 at 18:50 | Shaun Nichols
    Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities. The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers. Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe, "being targeted, or which have a higher risk of being targeted." Adobe credited security researchers at Cisco Talos, Google Project Zero, FireEye, Microsoft...
  • G4S (Orlando Terrorist Employer) contracts to 'protect' our Nuclear Power Plants

    06/15/2016 9:31:09 PM PDT · by ChiefJayStrongbow · 8 replies
    Searched in Google for G4S "nuclear power plant" and came back with a list of open slots. What's next? Below is an excerpt from one of the open positions (security officer at a nuclear power plant)... I wonder what they've already filled. The world’s leading private security organization, G4S, has an immediate job opportunity for a Custom Protection Officer. G4S is a security provider for the United States government, fortune 500 companies, nuclear power plants, oil and gas companies, airport, ports, banks, hospitals, factories, warehouses, commercial facilities, residential communities and much more. G4S offers job security, excellent pay and benefits,...
  • New Homeland Security Records Reveal Top Officials Were Exempted from Strict Ban Placed on Web-...

    06/16/2016 2:03:44 PM PDT · by jazusamo · 12 replies
    Judicial Watch ^ | June 16, 2016
    Full title: New Homeland Security Records Reveal Top Officials Were Exempted from Strict Ban Placed on Web-Based Personal Email Accounts Despite Heightened Security Concerns Jeh Johnson granted special waiver on first day of official ban. Practice Continued Even After Clinton Email Revelations. (Washington, DC) – Judicial Watch today announced it obtained 693 pages of Department of Homeland Security records revealing that Secretary Jeh Johnson and 28 other agency officials used government computers to access personal web-based email accounts despite an agency-wide ban due to heightened security concerns. The documents also reveal that Homeland Security officials misled Rep. Scott Perry (R-PA)...
  • Intel x86s hide another CPU that can take over your machine (you can't audit it)

    06/15/2016 7:43:51 PM PDT · by Utilizer · 44 replies
    Zicos ^ | Wednesday June 15, 2016. 02:48 PM | from BoingBoing
    The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments. When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like...