TECHNOLOGY NEWS
Setup News Ticker
   TECHNOLOGY NEWS
Searching for 'Security'. (Return)

ComputerWorldJun 07, 2016
Google, Facebook, Yahoo, rights groups oppose FBI expansion of surveillance powers
Google, Facebook, Yahoo and industry and civil rights groups have opposed legislation that would extend the categories of Internet records that the U.S. government can collect without court approval through administrative orders known as National Security Letters.

The companies and groups have pointed out in a letter to senators that the new provisions would expand the types of records, known as Electronic Communication Transactional Records (ECTRs), which the FBI can obtain using the NSLs.

The ECTRs would include a variety of online information, such as IP addresses, routing and transmission information, session data, a person's browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account.

To read this article in full or to leave a comment, please click here



ComputerWorldJun 07, 2016
Check your BITS, because deleting malware might not be enough
Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after the machines have been already cleaned by antivirus products.

The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.

Upon further investigation, the researchers found two rogue jobs registered in BITS, a Windows service that's used by the OS and other apps to download updates or transfer files. The two malicious jobs periodically downloaded and attempted to reinstall the deleted malware.

To read this article in full or to leave a comment, please click here



ComputerWorldJun 06, 2016
Widespread exploits evade protections enforced by Microsoft EMET
It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.

Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus (EAF+). The exploits have been recently added to the Angler exploit kit.

Angler is one of the most widely used attack tools used by cybercriminals to launch Web-based, 'drive-by' download attacks. It is capable of installing malware by exploiting vulnerabilities in users' browsers or browser plug-ins when they visit compromised websites or view maliciously crafted ads.

To read this article in full or to leave a comment, please click here



Reuters TechnologyJun 06, 2016
SentinelOne hires prominent cyber-security expert Jeremiah Grossman
(Reuters) - Security software maker SentinelOne said on Monday that it has hired prominent cyber-security expert Jeremiah Grossman, who last month left WhiteHat Security which he founded 15 years ago.

ComputerWorldJun 06, 2016
Android gets patches for major flaws in hardware drivers and media server
The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers.

The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel leading to a permanent device compromise.

Similar high-risk flaws were fixed in the Broadcom Wi-Fi driver, NVIDIA camera driver, and MediaTek power management driver. These vulnerabilities can give regular applications access to privileges or system settings that they shouldn't have. In some cases, the flaws allow kernel code execution, but only if the attacker compromises a different service first to communicate with the vulnerable driver.

To read this article in full or to leave a comment, please click here



Yahoo TechnologyJun 06, 2016
Mark Zuckerberg's social media has been hacked, because no one is safe
If there's one person you'd think would use good security to protect social media accounts, Facebook CEO Mark Zuckerberg would be a good bet. But apparently, nothing is sacred: Zuckerberg's Twitter, Pinterest and possibly Instagram accounts have all been hacked. Zuckerberg's accounts appear to have been compromised sometime on Sunday. In a series of messages posted to Zuck's Twitter and Pinterest accounts, the hacker group OurMine took responsibility, and claimed they were just trying to raise awareness. DON'T MISS:  Can you spot how Facebook''s new font is different? Their claim is that Zuckerberg's password -- which was "dadada" -- was exposed by the 2012 LinkedIn password dump . That would make a lot of sense, because a) Zuckerberg hasn't used his Twitter or Pinterest accounts in years, and b) a bunch of other celebrities have also seen their Twitter accounts hacked in the last few days. By this morning, Zuckerberg appears to have regained control of his social media accounts, and OurMine's Twitter account has been frozen. I guess things work a little more easily when you're the CEO of the world's largest social network, but it's still a good cautionary tale for the rest of us, who will find it a little harder to regain control if (or when) we get hacked. https://twitter.com/Ben_Hall/status/739534393585340417 The LinkedIn password leak is the largest of its kind in recent memory, consisting of the account info of some 164 million users. The danger of the leak isn't so much exposing the details of people's LinkedIn accounts, but rather exposing username and password combos that people often reuse across many sites. Best practice is to use unique passwords on every site, but as this hack proves, even the best of us can't be bothered. You can check if your LinkedIn password has been exposed with the HaveIBeenPwned tool . If so, you might want to change your password and enable two-factor authentication on any accounts you care about.



  • CEOExpress
  • c/o CommunityScape | 200 Anderson Avenue
    Rochester, NY 14607
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2024 CEOExpress Company LLC