Explore Technology Certificate Programs That Fit Your Needs /// Click here to learn more.
Welcome Guest | Sign In
LinuxInsider.com
Retailers Harassed by Backoff Malware
August 05, 2014
The U.S. Department of Homeland Security last week sounded an alarm warning retailers of a family of malicious programs aimed at compromising point-of-sale systems. Attackers used such software last year in massive data breaches that nicked millions of consumer records at Target and Nieman Marcus. Variants of the Backoff family have turned up in at least three forensic investigations.
That Innocent Little Thumb Drive Could Be Big Security Trouble
August 01, 2014
USB flash drives could be at risk of a pernicious attack on their firmware. Over the past two decades, USB devices, aka "thumb drives," have proliferated all over the world, because USB has proven to be a versatile standard. That versatility, though, also makes USB devices vulnerable to what could be a very nasty firmware attack, noted Karsten Nohl and Jakob Lell of Secure Research Labs.
Android's Fake ID Could Put Millions in Jeopardy
July 30, 2014
An Android vulnerability that exists in every version from v2.1 Eclair to v. 4.3 Jelly Bean could expose millions of users, Bluebox Security has warned. The flaw lets attackers fake the certificates of specially privileged parties, such as Adobe and Google Wallet, and serve them up with malware that bypasses detection by Android. Attackers then can take over every app running on an Android device.
Gameover Zombies on the March Again
July 17, 2014
The Gameover botnet is back, more or less, only six weeks or so after the Justice Department announced that an FBI-led multinational effort had disrupted it. Still, the botnet's downtime was longer than expected -- the UK's National Crime Agency had warned that the people running it would regain control within two weeks. Sophos this week spotted a new version of the malware.
Windows XP Hacked, Supply Chain Poisoned
July 16, 2014
A supply chain compromise is a security pro's worst nightmare. The thought of malware being planted on computer devices before they leave the factory sends shivers down a cyberdefender's spine. A disturbing case of such poisoning was reported last week by researchers at TrapX. The researchers found an APT was being used to infect a version of Windows XP embedded on devices.
Google's Project Zero Cybersecurity Watch: No Excuses
July 15, 2014
Google on Tuesday announced Project Zero, an effort to speed up the security bug-fixing process. A team of cybersecurity experts will go after vulnerabilities in any and all software, notify the vendors, and then file bug reports in a public database so users can track the issuance of patches. The Project Zero team has promised to send bug reports to vendors in as close to real-time as possible.
What's Eating Internet Security?
July 15, 2014
It's a given that hackers can and do penetrate websites with laughable ease, ranging from those of retailers to those of the United States government. It certainly doesn't help the security-minded to know that the U.S. National Security Agency and other countries' spy agencies, including the UK's GCHQ and the West German intelligence agency, are tapping into online communications at will.
Critical Infrastructure Companies Lack Cyberdefenses
July 11, 2014
Companies providing the world's critical infrastructure are woefully unprepared for cyberattacks despite the increasing threat level, evidenced by the release of the Stuxnet worm and the Shamoon virus in recent years, found a survey conducted by the Ponemon Institute and Unisys. Nearly 70 percent of the 599 surveyed companies in the past 12 months have reported at least one security breach.
Report: Malware Poisons One-Third of World's Computers
July 09, 2014
Nearly one-third of the world's computers could be infected with malware, suggests a report released last week by the Anti-Phishing Working Group. Malicious apps invaded 32.77 percent of the world's computers, a more than 4 percent jump from the previous quarter's 28.39 percent, it estimates. The increase in infected computers has come hand-in-hand with a jump in the appearance of malware samples.
Dragonfly Swoops Down on Energy Firms
July 01, 2014
The energy industry in the United States and Europe is being targeted by a cybercriminal gang that's suspected of being state-sponsored and has links to Russia. Known variously as "Dragonfly" and "Energetic Bear," the group has been operating at least since 2011. Its focus appears to be espionage and persistent access, with a side dish of sabotage as required, Symantec said.
To Pay or Not to Pay - That's the Ransomware Question
June 24, 2014
Ransomware is a growing problem for consumers and businesses alike. In Symantec's most recent quarterly security report, the company's researchers found all targeted attacks -- including ransomware -- grew 91 percent year-over-year. That's raising a big question for those targeted by cyberextortionists: Should the ransom be paid? Security experts generally say no, but some insert a caveat or two.
Heartbleed Flaw Goes Unpatched on 300K Servers: Report
June 23, 2014
Two months after the Heartbleed vulnerability sent frissons of fear down the spines of IT managers everywhere, 300,000 servers still remain vulnerable, Errata Security said. When the flaw was announced in April, Errata found 600,000 servers vulnerable. "The norm is to do no patches at all for some systems, no matter how easy it is to patch," said Errata CEO Robert Graham.
Researchers Find Android Security on Par With iOS
June 18, 2014
The open source mobile operating system Android long has been considered by security experts to be the mobile OS most vulnerable to security threats, but iOS is just as vulnerable. However, the two OSes expose users to different types of threats. The perceived greater security of iOS rests on Apple's control of app distribution rather than on any inherent superiority of the OS over Android.
5 Myths of Virtualization Security: You May Be More Vulnerable Than You Think
June 11, 2014
Businesses increasingly are relying on virtual machines to handle more critical data and tasks than ever before. The reality is that virtualization is growing as a platform for managing customer data, financial transactions and the applications that businesses use. Simply put, virtualization is a core component of today's mission-critical IT infrastructure.
Cupid Fires Arrow at OpenSSL's Heart
June 10, 2014
As if the discovery of the Heartbleed flaw weren't enough woe for OpenSSL, more than half a dozen additional defects have been discovered in the code used to protect communication on the Web. Among them is one dubbed "Cupid" by its discoverers. The flaw can be used to compromise enterprise networks. Like Heartbleed, Cupid uses a malicious heartbeat packet to compromise a TLS connection.
US-Led Posse Scatters GameOver Zeus Botnet
June 04, 2014
A worldwide operation led by the U.S. involving law enforcement, private sector cybersecurity firms and software vendors has disrupted the GameOver Zeus botnet for now. The U.S. also has filed criminal charges in Pittsburgh, Penn., and Omaha, Neb., against Russian national Evgeniy Mikhailovich Bogachev, and has charged a number of other suspects in the Russian Federation and the Ukraine.
Spammers Quick to Exploit eBay Breach
June 03, 2014
If you're a spammer, big news like the recent breach of eBay's computers is like striking oil in your back yard. Spammers live for headline-grabbing events that they can use to separate gullible Web wanderers from their money, so the eBay breach is a perfect vehicle for a scam. In this case, they try to convince recipients their eBay credentials could be used to give them a criminal record.
Heartbleed-Weary Tech Firms Show OpenSSL a Little Love
May 30, 2014
Remember Heartbleed? Several weeks ago, the exposure of this security bug chilled the Internet, highlighting once again that even the seemingly unbreakable can be hacked. In the case of the Heartbleed vulnerability, encrypted data was at risk of theft. Sites potentially vulnerable to Heartbleed -- from Canada's Revenue Agency to AWS to Yahoo to Reddit -- urged users to change their passwords.
Con Artist Harasses Aussie Apple Customers in Ransomware Attempt
May 28, 2014
Apple on Tuesday aimed to calm anxiety among its iCloud users with reassurances that the service hadn't been breached in a ransomware-style attack. "Apple takes security very seriously and iCloud was not compromised during this incident," reads a company statement. The referenced "incident" is a collection of reports on Apple forums by iPhone users, most of them in Australia.
Chinese Media: Cisco Is Playing on US Cyberspy Team
May 28, 2014
Cisco has been accused of being in bed with U.S. cyberspying efforts, according to a Chinese state media outlet. Cisco "carries on intimately" with U.S. spying apparatuses, the outlet claims, and plays "a disgraceful role" in efforts to prop up U.S. power over the Web. Cisco denied the accusations. Beijing definitely seems to have taken umbrage with last week's U.S. indictments for cyberespionage.
Ransomware Gang Targets Android Phones
May 13, 2014
The Reveton Gang is at it again. This time, though, they're targeting users of Android phones -- typically visitors to porn sites. The gang that pioneered the idea of locking up a target's computer and demanding a ransom to unlock it has turned its attention to the rapidly growing mobile market. Once Reveton mobile infects a phone, it will display a bogus warning.
White House Opens Heart About Vulnerabilities
April 30, 2014
Smarting from speculation that the U.S. intelligence community hoarded knowledge about the Heartbleed bug that's placed millions of servers and devices that access the Internet at risk, the White House Tuesday gave the public some insight into how it decides to release information about computer vulnerabilities. Disclosing them is usually in the national interest, it said.
Clandestine Fox Nips at Explorer's Heels
April 28, 2014
Microsoft's Internet Explorer Web browser has a flaw that allows hackers to commandeer control of computers, FireEye reported Saturday. Although the never-seen-before vulnerability can be found in all versions of the browser, hackers are targeting IE versions 9 through 11, according to a blog post by the three security researchers who made the discovery.
Banking Trojan Enters Mobiles via Facebook
April 21, 2014
Purveyors of a notorious mobile banking Trojan have started targeting Facebook users to infect Android smartphones. The Net predators use a desktop Trojan to leverage a Facebook socializer to install banking malware on their phone, ESET malware researcher Jean-Ian Boutin discovered last week. The desktop bad app, Win32/Qadars, waits for an infected machine to open a Facebook page.

See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS