archives
January 2013

Straight facts about Mac malware, threats and responses

Does your Apple Mac need antivirus software, or any other kind of security software? This question has been asked repeatedly over the years and I think the “correct” answer has changed over time.

Walking through Win32/Jabberbot.A instant messaging C&C

Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol).

PokerAgent botnet stealing over 16,000 Facebook credentials

The ‘PokerAgent’ botnet, which we have tracked in 2012, was designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats, presumably with the intention to mug the victims.

Your Apple Mac made even safer: Part 3 of securing new devices

If you recently acquired an Apple Mac computer there are several simple steps you can take to protect your new machine, and all of the valuable information you will be storing on it.

Pentagon to boost cyber security force to combat increased global threat

The Washington Post reports that the Pentagon has approved a major expansion of its cyber security force which will result in a five-fold resource increase.

Security awareness for the smaller business

People are often the weakest link when it comes to business security lapses. Here’s our guide to providing security training and awareness for your staff.

Linux/SSHDoor.A Backdoored SSH daemon that steals passwords

In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: A blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this

Walking through Win32/Jabberbot.A

Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol). We’ve seen binary protocols (Win32/Peerfrag, aka Palevo). We’ve seen other custom protocols that leverage other standard protocols such as HTTP (Win32/Georbot), DNS (Morto) and IRC (Win32/AutoRun.IRCBot.AK),

5 physical security tips for protecting your digital devices

As we read earlier this week, the chances that one or more of your digital devices may get stolen are uncomfortably high. So what would happen if your mobile device falls into the wrong hands? Here are a few tips that will help minimize the damage if it happens to you.

Mystery shopper scam: misery shopping

Money for nothing? Don’t believe it: a variation on the Mystery Shopper scam that misuses the Pinecone Research brand.

Ninety per cent of passwords are vulnerable to hacking, says report

According to the Deloitte Technology Trends 2013 report, more than 90 per cent of user-generated passwords are weak and vulnerable to hacking, including those considered strong by IT departments.

Microsoft fixes Explorer vulnerability in out-of-band patch announcement

Microsoft has taken the unusual step of announcing a patch for an Internet Explorer vulnerability just a week after its traditional patch Tuesday announcements.

Are fears of digital device theft justified? Survey says yes

Everybody knows that laptop computers, tablets and smartphones get stolen, and everybody reading this probably owns at least one of these digital devices, so should you be concerned about yours being pinched, pilfered, peculated, purloined, or in other words, stolen?

Euro security agency lists top ten cyber threats

The EU’s cyber security agency ENISA has published its Cyber Threat Landscape analysis of 2012 which puts drive-by-exploits as the top web threat.

Java vulnerability confirmed by US Department of Homeland Security

A Java vulnerability seemingly discovered by a French researcher has been confirmed by the US Government.

More on that Java vulnerability

[Update 2: a note for Mac users in Turn off that Java Lamp. And Brian Krebs notes that Oracle Ships Critical Security Update for Java] [Update to a link at java.com offering more information on disabling Java in web browsers.] This is a quick pointer to blogs posted by our colleagues in Spain and in

Java 0-Day Exploit CVE-2013-0422

The infamous exploit packs Blackhole and Nuclear Pack now feature a new zero-day Java exploit that exploits the Java vulnerability CVE-2013-0422. The latest version of Java 7 Update 10 is affected. Malware spreading through drive-by-downloads often utilizes exploit packs, which are able to serve malware variants without any user interaction, as opposed to other techniques

European Cybercrime Centre opens in The Hague

As part of an EU drive to combat the growth of cybercrime across member states, a new European Cybercrime Centre (EC3) based at Europol headquarters in The Hague opens Friday 11th January.

Stray cat used as bait in Japanese hacking plot

In a story that could be lifted direct from a Hollywood script, a Japanese hacker placed a memory card on the collar of a stray cat found wandering on an island near Tokyo.

FBI snatches Algerian bank hacker in Thailand

Hamza Bendelladj, the Algerian alleged bank hacker responsible for defrauding US banks of millions of dollars, has been detained in Thailand, following three years of tracking by the FBI.

Copyright © 2014 ESET, All Rights Reserved.