LinuxInsider.com
IT Weaknesses Paved the Way for Target Hackers
January 30, 2014
The Target data breach exposed more than 100 million customers, riled up U.S. intelligence agencies, sparked a Justice Department investigation, involved the U.S. Department of Homeland Security and the FBI, triggered congressional hearings, and led several banks to re-issue their credit cards. The hacker has variously been identified as a 17-year-old Russian or one or more other cybercriminals.
Neiman Marcus Alerts Customers to Hack Attack
January 24, 2014
Neiman Marcus has announced that some 1.1 million customer credit and debit cards may have been exposed in a hack attack. The retailer was first alerted to the intrusion at the beginning of the year. It appears that "sophisticated, self-concealing malware" able to obtain payment card information was active in the company's systems between July 16 and Oct. 30, 2013, CEO Karen Katz said.
Bitcoin's Popularity Attracts Malware Writers
January 22, 2014
Most folks know the value of money, but few know the latest value of a Bitcoin, a virtual currency prone to wide price swings. Those swings haven't deterred those on the digital leading edge from speculating in the currency -- or bad app writers from plotting ways to steal it. "Bitcoins -- and indeed any digital property of any value -- will be a theft target," said Bitcoin developer Jeff Garzik.
Pentagon Wary of New Chinese Missile Vehicle
January 16, 2014
Last week, China's military took its new "ultra-high speed missile vehicle" -- or "hypersonic glide vehicle," if you prefer -- for its first test drive, raising eyebrows among U.S. defense officials. The hypersonic aircraft, capable of maneuvering at a mindboggling 10 times the speed of sound -- that's more than 7,500 miles per hour -- is designed to deliver warheads through U.S. missile defenses.
PowerLocker Takes Ransomware to a New Level
January 13, 2014
Up to now, the malware program CryptoLocker has been king of the ransomware roost, but PowerLocker may present a new challenge. "It has some interesting countermeasures to thwart researchers," said Harry Sverdlove, CTO of Bit9. Among those countermeasures are the ability to determine if it's running on a virtual machine -- and if so, to alter its behavior.
Malicious Ads Infect Thousands of European Yahoo Users
January 06, 2014
Certain advertisements on Yahoo's European website may have helped infect thousands of computers with malware. A Dutch computer security firm, Fox-IT, outed Yahoo last Friday, penning a blog post claiming that attackers had used ads.yahoo.com to insert malicious ads. Fox-IT was apparently on to something, because on Sunday, Yahoo admitted to hosting ads that didn't "meet our editorial guidelines."
Computer Pioneer, Subjected to Homophobic Prosecution, Pardoned by Queen
December 27, 2013
Alan Turing, a British man whose code-breaking prowess helped thwart Nazi Germany in World War II, was pardoned this week by Queen Elizabeth for his decades-old "crime." Turing was prosecuted in 1952 for "gross indecency" for having a sexual relationship with another man, a ruling that resulted in the loss of his security clearance and compulsory hormone treatment. Two years later, he died from cyanide poisoning in what was ruled a suicide.
Chinese Supercomputer Gets a Job Forecasting Smog
December 10, 2013
Scientists in China will use the country's Tianhe-1A supercomputer to forecast and analyze smog in major cities. The Tianhe-1A will be used to create a simulation that will collate data from across more than 100 Chinese cities. Theoretically, this will enable scientists to predict the density of smog, how long it will linger, and where it might go next.
Malware Drop, Ransomware Rise Forecast for 2014
December 09, 2013
A malware decline and ransomware rise are in the security crystal ball for 2014. There will be less malware spreading through networks next year as hackers focus on obtaining credentials that allow them to access systems. "Malware will still be important in establishing a foothold in the network, but we don't see malware moving laterally in networks," said Websense's Alex Watson.
Microsoft's ZeroAccess Botnet Takedown No 'Mission Accomplished'
December 09, 2013
Microsoft said last week that it had disrupted the ZeroAccess botnet, which has been around since 2011. It joined forces with the FBI, the European Cybercrime Center, and several high-tech companies. Microsoft also filed suit against various John Does believed to be involved with the botnet. However, the operators of ZeroAccess have since pushed out commands to infected PCs on two occasions.
Chinese Banks Warned About Bitcoins
December 06, 2013
China's central bank said Thursday that the nation's banks and payment systems were prohibited from handling Bitcoins. Bitcoins are "virtual goods" and have no legal weight, the banking body said. Individuals can still toy with them at their own risk, but financial institutions and payment systems can't touch -- no selling, no trading and no storing of Bitcoins.
Stolen Password Analysis Exposes Foolish Choices
December 06, 2013
Cybercriminals recently stole more than 2 million usernames and passwords from several popular sites including Facebook and Google. Pony, a botnet that logs user keystrokes, captured the information from more than 90,000 websites during the past month and then sent it to a hacker-controlled server. It snagged data from 326,000 Facebook accounts, 60,000 Google accounts and 22,000 Twitter accounts.
NSA's Malware Infection Spree Leaves Network Managers Powerless
November 26, 2013
The United States National Security Agency reportedly has seeded 50,000 networks worldwide with malware designed to steal sensitive information. The report -- the latest in a series of published disclosures based on documents released by Snowden -- is likely to fuel the controversy raging around cybersurveillance by the U.S. and its allies -- the UK, Australia, New Zealand and Canada.
Brit Spies Spoof LinkedIn Pages to Track Targets
November 11, 2013
British intelligence agency GCHQ reportedly has spoofed LinkedIn profiles of employees at mobile communications companies and mobile billing firms to gain access to their corporate networks. The first known attack was on Belgacom, a telecom firm partly owned by the Belgian government, according to a top secret GCHQ presentation revealed by NSA whistleblower Edward Snowden.
Insecurity and the Internet of Things, Part 2: Dangers Lurk
November 06, 2013
In early September, the U.S. Federal Trade Commission's first action involving security and the Internet of Things came to fruition. The FTC came to a settlement with Trendnet, which makes Internet-connected video cameras, over the firm's lax security practices. The settlement was over intrusions that occurred in January 2012, when hackers posted live feeds from about 700 Trendnet cameras online.
IE Gets Top Props for Thwarting Socially Engineered Malware
November 04, 2013
By duping an Internet innocent into making just one errant click, an online bandit can inflict a world of hurt. Socially engineered malware attacks attempt to deceive a user into downloading malicious software, typically through a link to an infected website. The best protections against those attacks are built into Microsoft's Internet Explorer, according to NSS Labs.
Cyberambush on Tunnel Security Blocks Main Israeli Artery
October 28, 2013
Israel last month was hit with a major cyberattack that shut down a key tunnel that forms part of its national road security network. The attack, only being reported now, knocked out key security operations on back-to-back days, resulting in hundreds of thousands of dollars in damage. It reportedly came in the form of a Trojan horse and caused shutdowns on both days.
Microsoft Pays First-Ever $100K Bounty for Windows Bug
October 09, 2013
Microsoft on Tuesday forked out what might be the biggest payment to a bug hunter yet: $100,000. The money went to James Forshaw, head of vulnerability research at Context Information Security, for coming up with a new exploitation technique that affects Windows 8.1 Preview. Microsoft did not disclose details of the mitigation bypass technique Forshaw discovered, and won't do so until it is addressed.
Symantec Paws at ZeroAccess Botnet
October 01, 2013
Symantec has removed more than 500,000 infected PCs from the botnet created by the ZeroAccess Trojan, which uses a peer-to-peer mechanism -- the latest technique botnet authors have adopted to avoid having their networks taken down by security experts. Symantec used a DNS sinkhole to fight the ZeroAccess botnet. The attack "made a sizeable dent," said Symantec security researcher Vikram Thakur.
Reengineering Human Behavior Can Foil Phishing
September 30, 2013
Almost all cyberattacks these days require an element of social engineering. Spammers are always looking for that hot button to induce a click on a link or an attachment. Drive-by artists continually experiment with poisoned banner ads designed to steer the curious into an online dark alley. Spearphishers put together persuasive pitches pretending to be friends or a trusted institution.
Heavy Attacks Expected as Microsoft Scrambles to Fix IE Flaw
September 18, 2013
Microsoft revealed Tuesday it was investigating a previously unknown security flaw affecting all versions of its IE Web browser. Hackers have attempted to exploit the vulnerability in targeted attacks on users of versions 8 and 9, it reported in a security advisory. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code," the advisory says.
Web App Firewalls Blunt Attacks
September 16, 2013
Web applications have become attractive targets for hackers because they allow bad actors to maximize the reach of their mischief with a minimum of effort. That's what originally attracted the Internet underworld to programs like Windows and Adobe Acrobat, and it's what continues to attract them to Java. A vulnerability in one of those programs can be exploited in millions of machines.
Needle in a Haystack: Harnessing Big Data for Security
September 14, 2013
The combination of the polymorphic nature of malware, failure of signature-based security tools, and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management using traditional approaches virtually impossible. Until now, security has been based largely on the opinions of researchers who investigate attacks.
No End to the Headaches Endpoints Give System Defenders
September 03, 2013
If there's one attack surface that's attracting growing attention from digital marauders, it's a system's endpoints. With the proliferation of BYOD, securing connections can be a defender's nightmare. Endpoints have an allure for attackers because they offer multiple attack vectors, such as social engineering attacks, spearphishing, USB infection, and compromise of WiFi networks and routers.
