Group items tagged

"The flaw, dubbed "Log4Shell", may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more."

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

"These exploits are based on chip engineering flaws, not on software flaws. Apple, Google, Abode, Microsoft, and other software companies didn't write poor software or bad Operating Systems to cause these problems to occur. Rather, the chip manufacturers - Intel, AMD and ARM - designed and then engineered computer chips with flaws built into them. Once discovered, those flaws allow the Meltdown and Spectre exploits to be run. Worse, these chips have been sold with consumer computers, servers and mobile devices since 1995. so the impact is, potentially, both personal and global in scope."

"The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft's former Flash competitor Silverlight, which was discontinued in 2013. When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target's computer, where it will install cryptolocker-style software, which encrypts the user's hard drive and demands payment in bitcoin for the keys to unlock it."

"Some are disturbed by the strategy to go "digital by default". Andrew Miller, chair of the Commons science and technology committee, wrote to Cabinet Office minister Francis Maude with concerns that "as public services go online, the government may not keep up with advances in technology and that inadequacies in government software may lead to security vulnerabilities"."

"Security researchers have discovered a vulnerability in the system software used in millions of computers, opening the possibility that attackers could execute arbitrary commands on web servers, other Linux-based machines and even Mac computers."

"Durumeric leads a team of researchers at the University of Michigan that has developed scanning software called ZMap. This tool can probe the whole public Internet in under an hour, revealing information about the roughly four billion devices online. The scan results can show which sites are vulnerable to particular security flaws. In the case of FREAK, a scan was used to measure the scale of the threat before the bug was publicly announced."