Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots.To read this article in full or to leave a comment, please click here
A 32-year-old Russian hacker was sentenced to 27 years in prison in the U.S. for stealing millions of payment card details from businesses by infecting their point-of-sale systems with malware.The sentence is the longest ever handed out in the U.S. for computer crimes, surpassing the 20-year jail term imposed on American hacker and former U.S. Secret Service informant Albert Gonzalez in 2010 for similar credit card theft activities.Roman Valeryevich Seleznev, a Russian citizen from Vladivostok, was sentenced Friday in the Western District of Washington after he was found guilty in August of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.To read this article in full or to leave a comment, please click here
A 32-year-old Russian hacker was sentenced to 27 years in prison in the U.S. for stealing millions of payment card details from businesses by infecting their point-of-sale systems with malware.The sentence is the longest ever handed out in the U.S. for computer crimes, surpassing the 20-year jail term imposed on American hacker and former U.S. Secret Service informant Albert Gonzalez in 2010 for similar credit card theft activities.Roman Valeryevich Seleznev, a Russian citizen from Vladivostok, was sentenced Friday in the Western District of Washington after he was found guilty in August of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.To read this article in full or to leave a comment, please click here
The latest version of Google Chrome, released earlier this week, restricts how domain names that use non-Latin characters are displayed in the browser. This change is in response to a recently disclosed technique that could allow attackers to create highly credible phishing websites.The ability to register domain names made up of characters like those found in the Arabic, Chinese, Cyrillic, Hebrew and other non-Latin alphabets dates back over a decade. Since 2009, the Internet Corporation for Assigned Names and Numbers (ICANN) has also approved a large number of internationalized top-level domains (TLDs) -- domain extensions -- written with such characters.To read this article in full or to leave a comment, please click here
The latest version of Google Chrome, released earlier this week, restricts how domain names that use non-Latin characters are displayed in the browser. This change is in response to a recently disclosed technique that could allow attackers to create highly credible phishing websites.The ability to register domain names made up of characters like those found in the Arabic, Chinese, Cyrillic, Hebrew and other non-Latin alphabets dates back over a decade. Since 2009, the Internet Corporation for Assigned Names and Numbers (ICANN) has also approved a large number of internationalized top-level domains (TLDs) -- domain extensions -- written with such characters.To read this article in full or to leave a comment, please click here
The Drupal project has released a patch to fix a critical access bypass vulnerability that could put websites at risk of hacking.The vulnerability does not have the highest severity level based on Drupal's rating system, but is serious enough that the platform's developers decided to also release a patch for a version of the content management system that's no longer officially supported.Successful exploitation of the vulnerability can lead to a complete compromise of data confidentiality and website integrity, but only Drupal-based websites with certain configurations are affected.To be vulnerable, a website needs to have the RESTful Web Services enabled and to allow PATCH requests. Furthermore, the attacker needs to be able to register a new account on the website or to gain access to an existing one, regardless of its privileges.To read this article in full or to leave a comment, please click here
The Drupal project has released a patch to fix a critical access bypass vulnerability that could put websites at risk of hacking.The vulnerability does not have the highest severity level based on Drupal's rating system, but is serious enough that the platform's developers decided to also release a patch for a version of the content management system that's no longer officially supported.Successful exploitation of the vulnerability can lead to a complete compromise of data confidentiality and website integrity, but only Drupal-based websites with certain configurations are affected.To be vulnerable, a website needs to have the RESTful Web Services enabled and to allow PATCH requests. Furthermore, the attacker needs to be able to register a new account on the website or to gain access to an existing one, regardless of its privileges.To read this article in full or to leave a comment, please click here
Two dozen Linksys router models are vulnerable to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over.The vulnerabilities were discovered by senior security consultant Tao Sauvage from IOActive and independent security researcher Antide Petit while working together to analyze the Linksys EA3500 Smart Wi-Fi wireless router.The two researchers found a total of 10 vulnerabilities that affect not only the EA3500, but two dozen different router models from Linksys' Smart Wi-Fi, WRT and Wireless-AC series. Even though these devices are marketed as consumer products, it's not unusual to find them running in small business and home office environments.To read this article in full or to leave a comment, please click here
Two dozen Linksys router models are vulnerable to attacks that could extract sensitive information from their configurations, cause them to become unresponsive and even completely take them over.The vulnerabilities were discovered by senior security consultant Tao Sauvage from IOActive and independent security researcher Antide Petit while working together to analyze the Linksys EA3500 Smart Wi-Fi wireless router.The two researchers found a total of 10 vulnerabilities that affect not only the EA3500, but two dozen different router models from Linksys' Smart Wi-Fi, WRT and Wireless-AC series. Even though these devices are marketed as consumer products, it's not unusual to find them running in small business and home office environments.To read this article in full or to leave a comment, please click here
Oracle has released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency.The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6. Attackers have quickly adopted it and have used it in widespread attacks since then.Oracle uses Apache Struts 2 in several of its products, which is why Tuesday's critical patch update (CPU) fixed 25 instances of the vulnerability in Oracle Communications, Retail and Financial Services applications, as well as in the MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server and the Siebel E-Billing app.To read this article in full or to leave a comment, please click here
Oracle has released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency.The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6. Attackers have quickly adopted it and have used it in widespread attacks since then.Oracle uses Apache Struts 2 in several of its products, which is why Tuesday's critical patch update (CPU) fixed 25 instances of the vulnerability in Oracle Communications, Retail and Financial Services applications, as well as in the MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server and the Siebel E-Billing app.To read this article in full or to leave a comment, please click here
An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento.The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it. If the file is not an image, the platform will return a "Disallowed file type" error, but won't actually remove it from the server.To read this article in full or to leave a comment, please click here
An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento.The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it. If the file is not an image, the platform will return a "Disallowed file type" error, but won't actually remove it from the server.To read this article in full or to leave a comment, please click here
Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers.The top priority this month should be given to the Microsoft Office security update because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware. Over the past few days this vulnerability, tracked as CVE-2017-0199, has seen widespread exploitation.To read this article in full or to leave a comment, please click here
Microsoft released its monthly security-patch bundle Tuesday, fixing 45 unique vulnerabilities, three of which are publicly known and targeted by hackers.The top priority this month should be given to the Microsoft Office security update because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware. Over the past few days this vulnerability, tracked as CVE-2017-0199, has seen widespread exploitation.To read this article in full or to leave a comment, please click here
In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn't have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain. The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.To read this article in full or to leave a comment, please click here
In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn't have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain. The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.To read this article in full or to leave a comment, please click here
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users.The exploit's existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee's limited public disclosure, researchers from FireEye confirmed having tracked the attacks for several weeks as well.The exploit takes advantage of a logic bug in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. It allows attackers to embed malicious code inside of Microsoft Word documents, with the code automatically executed when those files are opened.To read this article in full or to leave a comment, please click here
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users.The exploit's existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee's limited public disclosure, researchers from FireEye confirmed having tracked the attacks for several weeks as well.The exploit takes advantage of a logic bug in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. It allows attackers to embed malicious code inside of Microsoft Word documents, with the code automatically executed when those files are opened.To read this article in full or to leave a comment, please click here
A group of hackers that has been trying to sell exploits and malware allegedly used by the U.S. National Security Agency decided to make the data available for free over the weekend.The security community was expecting the password-encrypted archive that the Shadow Brokers group unlocked Saturday to contain previously unknown and unpatched exploits -- known in the industry as zero-days. That was not the case.As researchers started to analyze the exploits inside, it became clear that while some of them were technically interesting, the large majority were for old and publicly known vulnerabilities. Some appeared to have actually been sourced from public information and affect software versions that are several years old.To read this article in full or to leave a comment, please click here
Lucian Constantin