You searched for software - Help Net Security

Why cryptography is much harder than software engineers think

December 19, 2017
1E
encryption
RSA

The recent ROCA vulnerability (CVE-2017-15361) raises some important issues about the design of secure cryptographic software. The vulnerability is not in this case an obvious coding error such as a buffer overflow, or the use of a poor quality random number generator. In this case, it arose from what probably seemed like a reasonable software engineering decision. To understand this in detail requires some pretty complex mathematics. For that, I refer you to the paper … More →

PowerDNS patches five security holes in widely used nameserver software

November 28, 2017
DNS
Fortinet
Nixu

PowerDNS, the company behing the popular open source DNS software of the same name, has pushed out security updates and patches for its Authoritative Server and Recursor offerings that, among other things, fix five security vulnerabilities of note. “PowerDNS users and customers include leading telecommunications service providers, large scale integrators, Wikipedia, content distribution networks, cable networks / multi service operators and Fortune 500 software companies,” the company proclaims on their site. “In various important markets, … More →

ESET helps Google protect Chrome users from unwanted software

October 17, 2017
browser
Chrome
ESET

Google has redesigned Chrome Cleanup on Chrome for Windows, and has upgraded the technology it uses to detect and remove unwanted software. A basic antivirus for Chrome “We worked with IT security company ESET to combine their detection engine with Chrome’s sandbox technology. We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup,” Product Manager Phillippe Rivard noted, but added that this feature is not … More →

Is your Mac software secure but firmware vulnerable?

September 29, 2017
Apple
Duo Security
firmware

Mac users who have updated to the latest OS version or have downloaded and implemented the most recent security update may not be as secure as they originally thought, Duo Security researchers have found. That’s because many of them did not receive the newest firmware along with OS and software updates. Why is keeping your firmware up-to-date important? EFI firmware (Intel’s implementation of the Unified Extensible Firmware Interface – UEFI) is present on all Macs. … More →

Lenovo settles FTC charges it harmed consumers with preinstalled software

September 6, 2017
FTC
government
Lenovo

Lenovo has agreed to settle charges by the Federal Trade Commission and 32 State Attorneys General that the company harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers. In its complaint, the FTC charged that beginning in August 2014 Lenovo began selling consumer laptops in the United States that came with a preinstalled “man-in-the-middle” software program called VisualDiscovery that interfered with how a user’s browser … More →

The security status quo falls short with born-in-the-cloud software

Born-in-the-cloud software, pioneered by companies like Salesforce, are beginning to dominate the computing landscape. According to Gartner, by 2020, the cloud shift will affect more than $1 trillion in IT spending, and cloud computing will be one of the most disruptive forces since the early days of the digital age. We all realize the opportunities abound. Gartner’s Ed Anderson says, “the cloud shift is not just about cloud. As organizations pursue a new IT architecture … More →

Advantech fixes serious vulns in WebAccess HMI/SCADA software

Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible. Advantech WebAccess is a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA). A variety of vulnerabilities The vulnerabilities, fixed in the latest version of the product, range from SQL injection flaws to buffer overflows, from incorrect privilege and permission assignment, to improper authentication vulnerabilities. If exploited, they could … More →

Another Ukrainian software maker’s site compromised to spread malware

The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware. The discovery of the compromise was accompanied by fear that there could be a repeat of the destructive NotPetya attack, which was traced back to hacked servers of Ukrainian software maker MeDoc. This time, fortunately, the attackers did not compromise the firm’s software and push out an update laden with malware. Instead, … More →

Malware creators increasingly run their business like legitimate software companies

The continuing increase in ransomware attacks is, partly, due to how easy the malware can be built and used by attackers that have limited technical skills. Take for example the Philadelphia Ransomware-as-a-Service (RaaS) offering. Offered for sale by a group (or individual?) that calls itself The Rainmakers Labs, it is just a part of the overall arsenal of “anti-security solutions” on offer: Philadelphia is a typical piece of crypto-ransomware and, as it’s usual with RaaS … More →

Two Iranians charged with hacking, stealing US missile design software

Two Iranians are accused of hacking of a US software company and the theft of missile design software restricted from export from the US without a license. Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, have been charged with a criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. According to the … More →