OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
LinuxInsider.com
Hacking Team's Dingy Laundry Hung Out Online
July 6, 2015
Fireworks of a different kind rocked the security world this Fourth of July weekend, when news surfaced that hackers breached Hacking Team, an Italy-based firm that develops malware for governments and law enforcement. The attackers reportedly exposed 400 GB of data stolen from its servers. "It appears [Hacking Team] were compromised through social engineering, said Bugcrowd's Jonathan Cran.
New Android Malware Sprouting Like Weeds
July 1, 2015
Information stored on an Android smartphone or tablet is vulnerable to almost 4,900 new malware files each day, according to a report G Data SecurityLabs released Wednesday. Cybercriminals' interest in the Android operating system has grown, the firm's Q1 2015 Mobile Malware Report revealed. The number of new malware samples in the first quarter increased 6.4 percent.
US, Brit Spooks Bedevil Security Software
June 24, 2015
The United States' National Security Agency and the UK's Government Communications Headquarters reportedly have been attacking antivirus and other security software since at least 2008. The aim is to infiltrate networks and track users. The agencies apparently have reverse-engineered security and antivirus software, sometimes under dubious legal authority.
Routers Becoming Juicy Targets for Hackers
June 18, 2015
Most consumers pay as much attention to routers as they do to doorknobs. That's not the case with Net marauders. They're finding the devices ripe targets for mischief. "We've seen a big increase in malware designed for home routers," said Incapsula researcher Ofer Gayer. "Every week, we see a new vulnerability in a vendor's routers," he said. "They're low-hanging fruit if you're a hacker."
Duqu 2.0 Makes Other Malware Look Clunky
June 12, 2015
Duqu 2.0 may have just snatched the title of "most sophisticated malware ever," according to Kaspersky Lab, which published a report on the new threat this week. Kaspersky discovered Duqu 2.0 after the malware penetrated its own internal networks. "The philosophy and way of thinking of the Duqu 2.0 group is a generation ahead of anything seen in the APT world," said Kaspersky's Kurt Baumgartner.
The Painful Persistence of Ad Injections
June 1, 2015
Some of those annoying ads that pop up when you visit a site on the Web or do a search may be served up by, for want of a better word, "hijackers." They use binaries, extensions, or network ISPs to modify a page's content to insert or replace ads with or without the user's consent. It's called "ad injection," and the problem is extensive. The problem begins with software infecting users' browsers.
No Wrongdoing at NCIS, Says Defense Watchdog
May 28, 2015
The U.S. Department of Defense's Inspector General has rejected allegations that the Naval Criminal Investigative Service engaged in questionable domestic intelligence activity. The finding concluded a DoD IG probe spurred by allegations that NCIS was making available to military intelligence agencies its Law Enforcement Information Exchange, a database of 506.3 million law enforcement records.
Linux/Moose Malware Wreaks Havoc on Social Networks
May 27, 2015
Internet security researchers at Eset on Tuesday published a security research paper on Linux/Moose, a major threat to social networks that turns routers into conduits for grabbing users' log-in credentials, employing them for network fraud and to further spread malware to client devices that connect through them to the Internet. The paper, "Dissecting Linux/Moose," details a months-long investigation.
Spy Agencies Planned to Corrupt Google Play
May 22, 2015
The United States and its leading Western allies, known as the "Five Eyes," reportedly planned to hack into smartphones through their links to Google and Samsung's app stores. They wanted to infect apps with spyware and find ways to send misinformation to targets, according to documents released to the media by National Security Agency whistle-blower Edward Snowden.
Containing the Zombie Malware Outbreak
May 22, 2015
Your computer could be operating as part of a botnet, sending out email spam, stealing confidential information, or furthering the spread of malware at this very moment. Computers can become zombies in many ways, but the most common technique is through a Trojan virus installed via malicious email attachments or drive-by downloads from infected websites.
Venom Less Toxic Than Heartbleed
May 20, 2015
It was a little over a year ago that the Heartbleed bug shocked the Internet with its potential for mischief. Now another flaw in open source code has sent network administrators into damage control mode. The bug, called "Venom" for "Virtualized Environment Neglected Operations Manipulation," allows an intruder to jump out of a virtual machine and execute malicious code on its host.
5 IT Security Implementation Myths
May 19, 2015
There's a common perception that implementing comprehensive IT security to protect against today's sophisticated threats and attacks is a difficult and expensive task, and that the benefits of replacing current solutions (even if highly ineffective) are seldom worthwhile. This mindset has resulted in many businesses dealing with a virtual patchwork of disparate systems.
FireEye, Microsoft Outsmart Clever Chinese Malware
May 15, 2015
FireEye and Microsoft have scotched a scheme by a group of cybercriminals based in China to use an IT pro forum to hide malicious activity, according to a report released Thursday. The Chinese gang known as "APT17" devised the scheme, which uses forum pages and profiles on Microsoft's TechNet, to cover traffic from machines infected with the group's Black Coffee malware.
Venom Vulnerability Could Violate Virtual Machines
May 14, 2015
Crowdstrike on Wednesday made public its discovery of yet another long-buried Linux vulnerability. "Venom," as it has been dubbed, was unearthed by the firm's senior security researcher, Jason Geffner. It is listed as vulnerability CVE-2015-3456. Venom exists in the virtual floppy drive code used by virtualization platforms based on QEMU, or quick emulator. It has been around since 2004.
Mumblehard Malware Mugs Linux Servers
May 5, 2015
A family of Linux malware targeting Linux and BSD servers has been lurking around for five years. Dubbed "Linux/Mumblehard," the malware contains a backdoor and a spamming daemon, both written in Perl. The components are mainly Perl scripts encrypted and packed inside an executable and linkable format, or ELF, said Eset. In some cases, one ELF executable with a packer nests inside another.
Report: Top Endpoint Security Packages Perfectly Foil Drive-By Attacks
May 5, 2015
Drive-by attacks on the Internet are a particularly pernicious form of online threat, especially for individual Web surfers. On the corporate level, though, a company with good endpoint protection software can foil the malicious practice. A drive-by occurs when an infected website automatically downloads malware onto a Net traveler's computer. Endpoint solutions can thwart those kinds of attacks.
Steer Clear of iOS 8's Infinite Loop
May 1, 2015
A flaw in iOS 8 allows hackers essentially to crash apps that perform SSL communications whenever they like. Skycure reported the bug at the RSA security conference held last week, advising owners of iOS devices to upgrade to iOS 8.3. Apple this week confirmed that iOS 8.3 addresses the vulnerability. An attack would involve specially crafting an SSL certificate to regenerate a bug.
Apple Watch Could Be a Password Alternative
April 30, 2015
With password tolerance levels at an all time low, alternatives to the pesky and insecure authenticators are beginning to abound. One of those alternatives could be the Apple Watch. Even before Apple's latest gadget began shipping last week, MicroStrategy announced it was extending its Usher enterprise security solution to the Apple Watch. Usher on the Apple Watch allows it to act as a digital key.
IoT: Why Security Pros Need to Prepare Now
April 29, 2015
Have you ever heard of the Cullinan diamond? If you haven't, it was the largest diamond ever discovered: a 3106 carat diamond found in 1905 in South Africa. What's interesting about the Cullinan diamond isn't so much the discovery of the stone itself but what happened afterward: specifically, the cutting of the diamond. The Cullinan diamond was split into a number of smaller pieces.
China's Great Cannon Could Point Anywhere When Next Fuse Is Lit
April 16, 2015
China, which censors the Internet with its Great Firewall aka the "Golden Shield," has a new censorship tool that is causing alarm. It's known as the "Great Cannon." The University of Toronto's Citizen Lab identified the tool in a report released last week. The Great Cannon was first used in March, to launch a large-scale DDoS attack on GitHub and GreatFire.org, Citizen Lab said.
Ransomware Perps Put the Squeeze on Police
April 14, 2015
Five police departments in Maine, whose networks are linked together so they can share files, recently deposited bitcoins worth 300 euros into a Swiss bank account as ransom for their records. The departments' management system was locked down by ransomware that scrambled their data and rendered it unusable. The police decided to pay up after their experts failed to crack the ransomware code.
Chrome Web Store Gives Bad Extensions the Boot
April 10, 2015
Google recently purged some 200 extensions from its Chrome Store inventory. Extensions and add-ons let users add functions and features to the Chrome Web browser, but bad extensions can expose users to a greater risk of spyware and malware. A major problem with many browser add-ons is ad injectors. The clean-up resulted from increasing user complaints.
Heartbleed Threat Won't Fade Away
April 9, 2015
This week marks the first anniversary of the Heartbleed vulnerability that caused a panic across the Internet last year. While the flaw appears to have faded from the recollections of Net denizens, it still poses danger at many sites in cyberspace. Heartbleed was discovered in April 2014 in an open source library, OpenSSL, used by the SSL protocol.
No Need to Waste Brain Space on Yahoo Passwords
March 16, 2015
The way to permanently cure someone's headache is to cut off their head, and that appears to be the principle Yahoo has adopted with a new security policy announced Sunday. Users of Yahoo Mail no longer have to rack their brains to remember passwords, said Chris Stoner, director of product management. Instead, they can opt for on-demand passwords after signing in to their Yahoo.com account.

See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS
If I had to give up one of these, it would be...
My tablet
My laptop