Security

Home/Security

Tick, tock: Windows 8.1 users face patch ban as Microsoft sets next week’s updates

By |May 28th, 2014|Categories: IT Industry, Microsoft, Security, Tech News|

Computerworld – Microsoft today said it will issue eight security updates to customers next week that will include fixes for flaws in Internet Explorer (IE), Windows, Office and SharePoint.

Four of the bulletins, including the one targeting IE, affect Windows 8.1, the fall 2012 refresh of Windows 8. However, to receive those four updates, users of Windows 8.1 must have upgraded to Windows 8.1 Update, which Microsoft released just last month.

Of the eight updates, two were tagged “critical,” Microsoft’s most serious threat rating, and the remaining six were marked “important,” the next step down in the firm’s four-part scoring system.

May’s collection of updates is the largest so far this year: Microsoft issued four updates each in January and April, five each in February and March.

“It’s in the range,” said Andrew Storms, director of DevOps at CloudPassage, today. “It’s not like this is a giant update.”

Storms recommended that users apply the IE […]

What is ‘Covert Redirect’ and Should You be Worried?

By |May 27th, 2014|Categories: Security, Tech News, Virus Alerts|

When Heartbleed struck in April, it shook the Internet to its core in an almost literal sense: the vulnerability, which could allow hackers to trick servers into surrendering sensitive data, took advantage of how communications are made online. Now, there’s a new vulnerability in town claiming to be the next core-shaking Internet threat. But is it really? Let’s take a look.

Covert Redirect: A look inside

The vulnerability in question has been dubbed “Covert Redirect,” due to its stealthy tactics. Discovered by Wang Jing, a mathematics PhD student in Singapore, Covert Redirect enables hackers to trick users into surrendering personal information by posing as an authorization window (a popup window which asks for authorization to connect to a third party website or application). If the faux-authorization is successful, the hacker can redirect the user to a website loaded with malicious software. If successfully executed, it can […]

As Patch Tuesday looms, Microsoft gives Windows 8.1 users a reprieve

By |May 26th, 2014|Categories: Security, Virus Alerts|Tags: , |

Consumers now have until June 10 to get off Windows 8.1 and on Windows 8.1 Update to keep receiving patches

May 12, 2014
(Computerworld)

For the third time in the last four weeks, Microsoft today backed away from a customer cutoff as it postponed enforcement of the Windows 8.1 Update migration deadline until June 10.

On Monday — and just a day before its May Patch Tuesday slate of security fixes — Microsoft said consumers have four more weeks to move from Windows 8.1 to Windows 8.1 Update before their devices would be barred from receiving further patches. The deadline change was the third in the past month, following an earlier Windows 8.1 Update extension for business users and a surprise update on May 1 for Windows XP after Microsoft had officially retired the aged OS.

“We’ve decided to extend the requirement for our […]

Microsoft seeds doubt by erasing XP line in the sand

By |May 26th, 2014|Categories: Microsoft, Security, Tech News, Virus Alerts, WinXP|

Move may end up encouraging some customers to stick with XP even longer

May 7, 2014
(Computerworld)

Microsoft’s decision to erase its support line in the sand has sowed confusion and will likely encourage bad behavior by some customers, analysts said today.

“If next month someone finds another zero-day like this one, Microsoft could just move the line again,” said John Pescatore, director of emerging security trends at the SANS Institute, a security training organization.

“In a way, this encourages bad behavior. There’s a risk that people will look at it that way,” said Michael Silver, an analyst with Gartner, referring to those who will now question Microsoft’s determination to end XP support, and thus slow or even suspend their migrations to newer editions of Windows.

The experts were talking about Microsoft’s move on May 1 to issue fixes for a critical vulnerability in Internet Explorer […]

Kaspersky Helps Watch_Dogs Developers to Get Hacking Right

By |May 26th, 2014|Categories: Security, Tech News|

Talk to any security researcher or hacker of a certain age, and he will likely tell you that back in his day–say, the late 1990s–hacking wasn’t cool. It was a solitary, often frustrating pursuit, done mainly for the intellectual rewards it provided and the respect of one’s peers. But the culture has turned of late, and hacking and the security culture are having something of a moment.

watchdogs

Privacy and pervasive surveillance are now topics of conversation well outside of the tech community, and the idea of having your every move monitored, tracked and recorded doesn’t seem as ridiculous as it did when George Orwell laid it out more than 60 years ago. Average citizens don’t have much in the way of options when it comes to fighting the spread of surveillance technology–at least in the real world. But the new Ubisoft video game […]

The NSA’s mysterious coded tweet

By |May 26th, 2014|Categories: Security, Tech News|

No, the NSA was not drunk when they sent this garbled tweet earlier this week.
No, the NSA was not drunk when they sent this garbled tweet earlier this week.

    • The NSA sent a mysterious coded tweet to its 10,000 followers this week
    • Internet sleuths solved the mystery in minutes
    • The tweet was a recruiting tool for the intelligence agency

(CNN) — When the National Security Agency sent a tweet Monday filled with garbled nonwords like “tpfccdlfdtte,” the Internet was confused, and intrigued.

Was the NSA drunk? Had a cat skittered across someone’s keyboard?

Or maybe the spy agency, under fire for eavesdropping on Americans, had accidentally blurted a secret of its own — a coded, classified message not meant for public eyes.

The truth proved to be less scandalous. Internet sleuths, armed with cryptogram-solving Web tools, solved the mystery in minutes. Turns out […]

Researchers find a global botnet of infected PoS systems

By |May 26th, 2014|Categories: Security, Tech News, Virus Alerts|

The botnet contained almost 1,500 compromised point-of-sale and other retail systems from 36 countries, researchers from IntelCrawler said

May 23, 2014
(IDG News Service)

Security researchers uncovered a global cybercriminal operation that infected with malware almost 1,500 point-of-sale (POS) terminals, accounting systems and other retail back-office platforms from businesses in 36 countries.

The infected systems were joined together in a botnet that researchers from cybercrime intelligence firm IntelCrawler dubbed Nemanja. The researchers believe the attackers behind the operation might be from Serbia.

The size of the botnet and the worldwide distribution of infected systems brings into perspective the security problems faced by retailers from around the world, problems that were also highlighted by the recent PoS breaches at several large U.S. retailers.

Past incidents suggest an increased attention from cybercriminals toward retailers and small businesses that use PoS terminals, the IntelCrawler researchers said Thursday in a […]

Bug bounty program outs 7-month-old IE zero-day

By |May 26th, 2014|Categories: Microsoft, Security, Tech News, Virus Alerts, WinXP|

No sign that hackers are exploiting the unpatched vulnerability in IE8; XP users will never see the fix

May 22, 2014
(Computerworld)

An HP bug bounty program yesterday published information about a critical vulnerability in Internet Explorer 8 (IE8) because Microsoft did not meet its patch-or-we-go-public deadline.

HP TippingPoint’s Zero Day Initiative (ZDI) revealed some details about the vulnerability Wednesday in an online advisory after its 180-day grace period had expired without Microsoft providing a patch to customers.

The bug, which was reported to ZDI by Belgium security researcher Peter Van Eeckhoutte, was handed to Microsoft on Oct. 11, 2013. At the time, ZDI had a 180-day patch policy: If the vendor did not patch the vulnerability in that time, or failed to explain why it could not, ZDI would go public with the flaw.

Since then ZDI has shortened the window to […]

Strike a Pose: Blackshades Malware Spies Through Your Webcam

By |May 25th, 2014|Categories: Security, Tech News, Virus Alerts|

In the old days, one simply had to draw their blinds to avoid peeping toms from spying on their private business. Now, it seems that even with the shades drawn, one must also shutter their webcam. Earlier this week, the FBI initiated a crackdown leading to the arrest of nearly 100 users of a program called Blackshades malware. This program allows hackers to remotely access the computers of their victims, enabling them to steal files, log passwords, and even turn on microphones and webcams unnoticed. What’s more? This spying software could be purchased online for as little as $40 U.S.D.

Blackshades malware is referred to as a remote access tool (RAT), meaning it allows the hacker to gain full access to your machine as if he were sitting right in front of it. The technology behind this threat is similar to that used […]

Red Hat fortifies OpenStack suite, eases management for enterprise users

By |May 21st, 2014|Categories: Security, Tech News, Virus Alerts|Tags: |

Red Hat updated its OpenStack distro to the latest edition, and has partnered with NetApp and eNovance to advance OpenStack

May 12, 2014
(IDG News Service)

What do enterprises want to see in OpenStack? With its latest distribution of the cloud hosting software, Red Hat is betting that they want a streamlined installation process and carrier-grade reliability.

The company has also partnered with storage provider NetApp, as well as telecommunications cloud provider eNovance, to advance some core OpenStack technologies.

OpenStack “is not a science experiment any more. We’re talking real workloads that require predictable enterprise capabilities,” said Radhesh Balakrishnan, Red Hat general manager for virtualization and OpenStack.

The company has released a beta version of the next version of its OpenStack distribution, Red Hat Enterprise Linux OpenStack Platform 5.0, that includes the latest version of OpenStack, called Icehouse, which was released last […]