Kenneth White

March 20, 2018

15-Year-old Finds Flaw in Ledger Crypto Wallet

This post was originally published on this siteA 15-year-old security researcher has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a French company whose popular products are designed to physically safeguard public and private keys used to receive or spend the user’s cryptocurrencies. Ledger’s Nano-S cryptocurrency hardware wallet. Source: Amazon. Hardware wallets like those sold by Ledger are designed to protect the user’s private keys from malicious software that might try to harvest those credentials from the user’s computer.  The devices enable transactions via a connection to a USB port on the user’s computer, but they don’t […]
October 21, 2019

Avast, NordVPN Breaches Tied to Phantom User Accounts

This post was originally published on this siteAntivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password. Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users. In a blog post today, Avast said it detected and addressed a breach lasting between May and October 2019 that appeared to target users […]
January 14, 2020

Patch Tuesday, January 2020 Edition

This post was originally published on this siteMicrosoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates. As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug (CVE-2020-0601) in Windows 10 and Windows Server 2016/19 reported […]