Lucian Constantin

Author Archives: Lucian Constantin

The number of corporate users hit by crypto ransomware is skyrocketing

The prevalence of ransomware programs, both those that encrypt data and those that don't, has exploded over the past two years, with companies being increasingly targeted. Based on an analysis by security vendor Kaspersky Lab, more than 2.3 million users encountered ransomware between April 2015 and March, a jump of almost 18 percent over the previous 12 months. This includes programs that only lock the computer's screen to prevent its use as well as those that hold the data itself hostage by encrypting it -- the so-called cryptors. The rise of cryptors in particular has been significant, accounting for 32 percent of all ransomware attacks last year compared to only 7 percent the year before, according to Kaspersky Lab.

Severe flaws in widely used archive library put many projects at risk

In a world where any new software project is built in large part on existing third-party code, finding and patching vulnerabilities in popular open-source libraries is vital to creating reliable and secure applications. For example, three severe flaws in libarchive, recently found by researchers from Cisco Systems' Talos group, could affect a large number of software products. Libarchive is an open-source library first created for FreeBSD, but since ported to all major operating systems. It provides real-time access to files compressed with a variety of algorithms, including tar, pax, cpio, ISO9660, zip, lha/lzh, rar, cab and 7-Zip. The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS. Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it.

Hackers sold access to 170,000 compromised servers, many in the US

The market for hacked servers might be much larger than previously thought, with new evidence suggesting that hackers sold access to over 170,000 compromised servers since 2014, a third of them located in the U.S. The new revelation comes from antivirus firm Kaspersky Lab, whose researchers reported last week that a black market website called xDedic was selling remote access to more than 70,000 compromised servers for as little as US$6. Following the report, a user with the moniker AngryBirds shared several Pastebin lists of IP addresses along with dates that allegedly represented hacked servers sold on xDedic since Oct. 2014.

Apple fixes serious flaw in AirPort wireless routers

Apple has released firmware updates for its AirPort wireless base stations in order to fix a vulnerability that could put the devices at risk of hacking. According to Apple security, the flaw is a memory corruption issue stemming from DNS (Domain Name System) data parsing that could lead to arbitrary code execution. The company released firmware updates 7.6.7 and 7.7.7 for AirPort Express, AirPort Extreme and AirPort Time Capsule base stations with 802.11n Wi-Fi, as well as AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Wi-Fi. The AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS can be used to install the new firmware versions on AirPort devices, the company said in an advisory.

5 things you should know about password managers

New data breaches are coming to light almost weekly and they reveal a simple but troubling fact: many people still choose weak passwords and reuse them across multiple sites. The reality is, remembering dozens of complex passwords is almost impossible, and carrying them around on a scrap of paper that you have to keep updating is a huge hassle. That’s why password managers exist. Here’s why they’re important, and how to get the most out of them.

Flaws expose Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices. The vulnerability is located in the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router. It can be easily exploited if the affected devices are configured for remote management since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.

Microsoft fixes critical flaws in Windows, IE, Edge, and Office

Microsoft has fixed more than 40 vulnerabilities in its products Tuesday, including critical ones in Windows, Internet Explorer, Edge, and Office. The vulnerabilities are covered in 16 security bulletins, six of which are marked as critical and the rest as important. This puts the total number of Microsoft security bulletins for the past six months to more than 160, a six-month record during the past decade. Companies running Windows servers should prioritize a patch for a critical remote code execution vulnerability in the Microsoft DNS Server component, covered in the MS16-071 bulletin.

Flash Player zero-day exploit is being used in the wild by a cyberespionage group

Adobe Systems warned users Tuesday that an unpatched Flash Player vulnerability is currently being exploited in targeted attacks. The company expects to deliver a patch as soon as Thursday. The exploit was discovered by researchers from antivirus vendor Kaspersky Lab in attacks attributed to a cyberespionage group known in the security industry as ScarCruft. The group is relatively new, but is apparently quite resourceful, as this is possibly the second zero-day -- previously unknown and unpatched -- exploit that it used this year. The other exploit targeted a critical remote code execution vulnerability in Microsoft XML Core Services that was tracked as CVE-2016-0147 and was patched by Microsoft in April.

Don’t run JS email attachments: they can carry potent ransomware

Attackers are infecting computers with a new ransomware program called RAA that's written entirely in JavaScript and locks users' files by using strong encryption. Most malware programs for Windows are written in compiled programming languages like C or C++ and take the form of portable executable files such as .exe or .dll. Others use command-line scripting such as Windows batch or PowerShell. It's rare to see client-side malware written in Web-based languages such as JavaScript, which are primarily intended to be interpreted by browsers. Yet the Windows Script Host, a service built into Windows, can natively execute .js and other scripting files out of the box.

Machine learning could help companies react faster to ransomware

File-encrypting ransomware programs have become one of the biggest threats to corporate networks worldwide and are constantly evolving by adding increasingly sophisticated detection-evasion and propagation techniques. In a world where any self-respecting malware author makes sure that his creations bypass antivirus detection before releasing them, enterprise security teams are forced to focus on improving their response times to infections rather than trying to prevent them all, which is likely to be a losing game. Exabeam, a provider of user and entity behavior analytics, believes that machine-learning algorithms can significantly improve ransomware detection and reaction time, preventing such programs from spreading inside the network and affecting a larger number of systems.
