Symantec wants to see the encrypted Web grow and will offer free basic SSL/TLS certificates to domain owners through Web hosting companies that join its new Encryption Everywhere program. The company has already signed partnerships with more than ten hosting providers, including InterNetX, CertCenter, Hostpoint and Zoned in Europe, and is close to finalizing deals with ten others. The customers of those companies will receive a basic website encryption package that includes a standard TLS certificate valid for one year. Depending on their needs, customers will also be able to opt for paid premium packages that include extended validation (EV) certificates or wildcard certificates that are valid for multiple websites hosted on different subdomains.
Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory. Security researchers from Palo Alto Networks analyzed a recent attack campaign that pushed spam emails with malicious Word documents to business email addresses from the U.S., Canada and Europe. The emails contained the recipients' names as well as specific information about the companies they worked for, which is not typical of widespread spam campaigns. This attention to detail lent more credibility to spam messages and made it more likely that victims would open the attached documents, the researchers said.
A patch for a critical Java flaw released by Oracle in 2013 is ineffective and can be easily bypassed, security researchers warn. This makes the vulnerability exploitable again, paving the way for attacks against PCs and servers running the latest versions of Java. The flaw, tracked as CVE-2013-5838 in the Common Vulnerabilities and Exposures (CVE) database, was rated by Oracle 9.3 out of 10 using the Common Vulnerability Scoring System (CVSS). It can be exploited remotely, without authentication, to completely compromise a system's confidentiality, integrity and availability.
Adobe Systems released new versions of Flash Player in order to fix 18 critical vulnerabilities that could be exploited to take over computers, including one flaw that's already targeted by attackers. "Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks," the company said in a security advisory. The flaw stems from a heap overflow condition and was reported to Adobe by researchers from antivirus firm Kaspersky Lab. Kaspersky Lab did not immediately respond to an inquiry seeking more details about the targeted attacks in which the vulnerability is being exploited.
Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers. The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication. The flaw could be exploited by sending specially crafted HTTP requests to the Web server and could result in arbitrary code execution. Customers should contact their service providers to ensure that the software version installed on their devices includes the patch for this issue, Cisco said in an advisory.
The KeRanger file-encrypting ransomware program for Mac OS X contains crypto flaws that could allow users to recover their files without paying cybercriminals. According to researchers from antivirus firm Bitdefender, KeRanger is based on another ransomware program, called Linux.Encoder, that first appeared in November and targeted Linux-based Web servers. The first three versions of Linux.Encoder had flaws in their cryptographic implementations that allowed the Bitdefender researchers to create tools that could be used to decrypt files affected by the malicious program.
Microsoft has fixed 39 vulnerabilities in multiple Windows components, Internet Explorer, Edge, Office and .NET Framework, many of which allow for remote code execution. The patches are grouped in 13 security bulletins, five of which are rated critical and the rest as important. According to researchers from security vendor Qualys, systems administrators should prioritize the MS16-023 security bulletin for Internet Explorer, which covers 13 critical vulnerabilities that can be exploited over the Web to fully take control of computers. Windows 10 users who prefer Microsoft Edge to Internet Explorer should prioritize MS16-024 instead, which covers 11 vulnerabilities in Microsoft's new browser, 10 of them critical.
Google has published an interactive questionnaire that companies can use to assess the security practices of their suppliers or to review and improve their own security programs. The Vendor Security Assessment Questionnaire (VSAQ) is a Web-based application and was released under an open-source license on GitHub. It contains a collection of questionnaires that Google itself uses to review multiple aspects of a vendor's security. The application has templates for Web application security, infrastructure security, physical and data center security and an organization's overall security and privacy program. The questions cover everything from whether the vendor has processes in place for external researchers to report vulnerabilities to HTTPS implementation details and internal data handling policies.
Generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones. Spamhaus, an organization that monitors spam, botnet and malware activity on the Internet, has published a list of the world's top 10 "worst TLDs" on Saturday. What's interesting is that the list is not based on the overall number of abusive domains hosted under a TLD, but on the TLD's ratio of abusive domains compared to legitimate ones. Over the years, lists of spam-friendly top level domains have typically had .com, .net and .org at the top. However, a TLD's trustworthiness ultimately relies on the ability of the organization that manages it -- known as the registry -- to police its name space and to enforce rules for its resellers, the registrars.
Romania's highest court has approved the temporary extradition of a convicted hacker accused of breaking into the email and social media accounts of a Bush family member and U.S. government officials. The court ruled Friday that Romanian national Marcel Lehel Lazăr will be extradited to the U.S. for a maximum of 18 months to face charges brought against him there. Lazăr was indicted in June 2014 in the U.S. District Court for the Eastern District of Virginia, accused of hacking into the email and social media accounts of high-profile victims including a family member of two former U.S. presidents, a former U.S. Cabinet member, a former member of the U.S. Joint Chiefs of Staff, and a former presidential adviser.
Over the past few years millions of PCs from around the world have been locked or had their files encrypted by malicious programs designed to extort money from users. Collectively known as ransomware, these malicious applications have become a real scourge for consumers, businesses and even government institutions. Unfortunately, there's no end in sight, so here's what you should know. It's not just your PC that's at risk. Most ransomware programs target computers running Windows, as it's the most popular operating system. However, ransomware applications for Android have also been around for a while and recently, several variants that infect Linux servers have been discovered.
A new file-encrypting ransomware program called Cerber has taken creepiness for victims, but also affordability for criminals, to a new level. In terms of functionality Cerber is not very different than other ransomware threats. It encrypts files with the strong AES-256 algorithm and targets dozens of file types, including documents, pictures, audio files, videos, archives and backups. The program encrypts file contents and file names and changes the original extensions to .cerber. It can also scan for and encrypt available network shares even if they are not mapped to a drive letter in the computer. Once the encryption process is done, Cerber will drop three files on the victim's desktop named "# DECRYPT MY FILES #." They contain the ransom demand and instructions on how to pay it. One of those files is in TXT format, one is HTML and the third contains a VBS (Visual Basic Scripting).
Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices. The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory. The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.
For the third time in less than a year, security researchers have found a method to attack encrypted Web communications, a direct result of weaknesses that were mandated two decades ago by the U.S. government. These new attacks show the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today. The field of cryptography escaped the military domain in the 1970s and reached the general public through the works of pioneers like Whitfield Diffie and Martin Hellman, and ever since, the government has tried to keep it under control and limit its usefulness in one way or another.
A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development. The program, which is written in PHP, is called CTB-Locker, a name also used by one of the most widespread ransomware programs for Windows computers. It's not clear though if there's a relationship between this new Web-based ransomware and the Windows version. Once installed on a Web server, the program replaces the site's index.php and creates a directory called Crypt that contains additional PHP files. It starts to encrypt all the files in the server's Web directory when it receives a specifically crafted request from an attacker.
A team of security researchers has found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware. Called FIRMADYNE, the framework automatically runs Linux-based firmware designed for embedded devices in an emulated environment and then performs a variety of security tests, including checks on known exploits that exist in penetration testing tools. The framework was built by Daming Chen, Maverick Woo and David Brumley from Carnegie Mellon University and Manuel Egele from Boston University. It was released last week as an open source project along with an accompanying research paper.
The Internet is fragile. Many of its protocols were designed at a time when the goal was rapid network expansion based on trust among operators. Today, the Internet's open nature is what makes it so great for business, education and communication, but the absence of security mechanisms at its core is something that criminals are eager to exploit. In late January, traffic to many IP (Internet Protocol) addresses of the U.S. Marine Corps was temporarily diverted through an ISP in Venezuela. According to Doug Madory, director of Internet analysis at Dyn, such routing leaks occur almost on a daily basis and while many of them are accidents, some are clearly attempts to hijack Internet traffic.
Microsoft is adding a range of new security management and reporting features to its Office 365 and Azure cloud services as part of the company's holistic approach to enterprise security announced last year. In April, the company will release a new product called Microsoft Cloud App Security that will allow customers to gain better visibility, control and security for data hosted in cloud apps like Office 365, Box, SalesForce, ServiceNow and Ariba. The new product is based on technology from Adallom, a cloud access security broker Microsoft acquired in September.