When the insider is the President of the United States, the mishandling and removal of information take on a different demeanor given the national security implications. The U.S. media has widely reported how the National Archives and Records Administration bird-dogged the return of missing presidential records, most recently 15 boxes of presidential papers that should have been directed to the National Archives when President Trump’s term ended on January 20, 2021.
It is alleged the 45th President of the United States directed the collection of materials to be placed into those boxes and forwarded to his Florida residence where they have sat for more than a year. It is also alleged that within some of these boxes were documents that carried the national security “secret” and “top secret” classifications.
How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public’s opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
Threat: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder
Vulnerability: Insecure Permissions
Description: ZeuS Builder saves PE files to the c drive with insecure
permissions granting change (C) permissions to the authenticated user
group. Standard users can…
Threat: Backdoor.Win32.Prosti.b
Vulnerability: Insecure Permissions
Description: The malware writes a “.dll” PE file with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can…
Threat: Email-Worm.Win32.Lama
Vulnerability: Insecure Permissions
Description: The malware writes a “.BAT” file with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…
Threat: Backdoor.Win32.Prorat.lkt
Vulnerability: Weak Hardcoded Password
Description: The malware listens on TCP port 2121. Authentication is
required, however the password “special” is weak and hardcoded in cleartext
at offset 0040267C.
Type:…
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
