ESET helps Google protect Chrome users from unwanted software

Google has redesigned Chrome Cleanup on Chrome for Windows, and has upgraded the technology it uses to detect and remove unwanted software. A basic antivirus for Chrome “We worked with IT security company ESET to combine their detection engine with Chrome’s sandbox technology. We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup,” Product Manager Phillippe Rivard noted, but added that this feature is not … More

Is your Mac software secure but firmware vulnerable?

Mac users who have updated to the latest OS version or have downloaded and implemented the most recent security update may not be as secure as they originally thought, Duo Security researchers have found. That’s because many of them did not receive the newest firmware along with OS and software updates. Why is keeping your firmware up-to-date important? EFI firmware (Intel’s implementation of the Unified Extensible Firmware Interface – UEFI) is present on all Macs. … More

Lenovo settles FTC charges it harmed consumers with preinstalled software

Lenovo has agreed to settle charges by the Federal Trade Commission and 32 State Attorneys General that the company harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers. In its complaint, the FTC charged that beginning in August 2014 Lenovo began selling consumer laptops in the United States that came with a preinstalled “man-in-the-middle” software program called VisualDiscovery that interfered with how a user’s browser … More

The security status quo falls short with born-in-the-cloud software

Born-in-the-cloud software, pioneered by companies like Salesforce, are beginning to dominate the computing landscape. According to Gartner, by 2020, the cloud shift will affect more than $1 trillion in IT spending, and cloud computing will be one of the most disruptive forces since the early days of the digital age. We all realize the opportunities abound. Gartner’s Ed Anderson says, “the cloud shift is not just about cloud. As organizations pursue a new IT architecture … More

Advantech fixes serious vulns in WebAccess HMI/SCADA software

Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible. Advantech WebAccess is a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA). A variety of vulnerabilities The vulnerabilities, fixed in the latest version of the product, range from SQL injection flaws to buffer overflows, from incorrect privilege and permission assignment, to improper authentication vulnerabilities. If exploited, they could … More

Another Ukrainian software maker’s site compromised to spread malware

The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware. The discovery of the compromise was accompanied by fear that there could be a repeat of the destructive NotPetya attack, which was traced back to hacked servers of Ukrainian software maker MeDoc. This time, fortunately, the attackers did not compromise the firm’s software and push out an update laden with malware. Instead, … More

Malware creators increasingly run their business like legitimate software companies

The continuing increase in ransomware attacks is, partly, due to how easy the malware can be built and used by attackers that have limited technical skills. Take for example the Philadelphia Ransomware-as-a-Service (RaaS) offering. Offered for sale by a group (or individual?) that calls itself The Rainmakers Labs, it is just a part of the overall arsenal of “anti-security solutions” on offer: Philadelphia is a typical piece of crypto-ransomware and, as it’s usual with RaaS … More

Two Iranians charged with hacking, stealing US missile design software

Two Iranians are accused of hacking of a US software company and the theft of missile design software restricted from export from the US without a license. Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, have been charged with a criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. According to the … More

AI technologies will be in almost every new software product by 2020

Market hype and growing interest in artificial intelligence (AI) are pushing established software vendors to introduce AI into their product strategy, creating considerable confusion in the process, according to Gartner. Analysts predict that by 2020, AI technologies will be virtually pervasive in almost every new software product and service. “As AI accelerates up the Hype Cycle, many software providers are looking to stake their claim in the biggest gold rush in recent years,” said Jim … More

DevSecOps: Build a bridge between fast and secure software development

Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to new research conducted by Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications. Growing need for DevSecOps The research aims to determine security and … More