archives
August 2013

Windows 8 picture passwords “can be cracked”, researchers warn

The “picture passwords” used in Windows 8 machines are more vulnerable than Microsoft hoped, a research team claims. An analysis of more than 10,000 picture passwords found that a significant percentage could be cracked by algorithms.

Facebook considers using facial recognition on all profile pictures

Facebook has revealed that it may use facial recognition software to identify people from their profile pictures. The new “feature” was revealed in a change to Facebook’s data use policy, sent out via email to users this week.

Big phish, small pond: How to stay safe from SMS phishing scams

Phishing emails are a sad fact of life, and most of us are used to dealing with them – but cybercriminals are increasingly turning to SMS to reel in their victims. Our tips should help you avoid clicking something you’ll regret.

More than 800,000 Facebook users fall victim to password-harvesting browser malware, researcher claims

Malware disguised as a Facebook video has infected up to 800,000 users’ machines, according to independent Italian security researchers. The malware hijacks Facebook accounts and web browsers using a fake browser plug-in for Google’s Chrome.

Mobile banking apps pose “serious” safety risks, financial watchdog warns

Mobile banking apps pose an “important risk” to consumers as banks increasingly offer access to banking services via smartphones. A financial watchdog is to investigate the threat of bogus and malicious banking apps.

“Sophisticated” New York Times attack targeted Australian domain name firm

The website of the New York Times briefly disappeared this week, replaced by a banner saying, “Hacked by Syrian Electronic Army” – victim of an attack described as “sophisticated”. Twitter and the Huffington Post were also briefly affected.

Long passwords don’t offer “safe option” as cracker app upgrades

The popular password-cracking app Hashcat has “upgraded” to handle passwords of up to 55 characters – meaning that long passwords (for instance, those made up of sentences) can be cracked far more quickly.

The Powerloader 64-bit update based on leaked exploits

A few months ago on this blog I described PowerLoader functionality – including an interesting way for privilege escalation into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families.

Nymaim – obfuscation chronicles

We look at malware delivered by a campaign that has infected thousands of websites around the world – and the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.

Millions of Android users open to attacks due to old versions of OS, FBI warns

Android has become a “primary” target for malware, and nearly half its users are open to attacks due to running old versions of the OS, according to an internal bulletin reportedly from the Department of Homeland Security and the FBI.

One in five adults have fallen victim to hackers – and one in 50 has lost more than $15,000, says British survey

One in five adults has fallen victim to hacks targeting their email accounts, social networking accounts or online bank accounts, according to a British survey conducted by the University of Kent.

How to keep children safe online (without looking over their shoulders all day)

Children come into contact with the internet at a very young age these days – a survey on a parenting site this year said that one in eight children go online before the age of two. Our tips will help keep youngsters safe – and help them enjoy the internet.

Cybercriminals use DDoS attacks as “smokescreens” for major cyber thefts

Millions of dollars have been lost to an “ominous” new hi-tech tactic used by cybercriminals – where a low-powered DDoS attack is used as “cover” for a direct assault on the bank’s payment system.

League of Legends players warned after major security breach

The popular online “battle arena” game League of Legends has suffered a major security breach which exposed account information for North American players, as well as transaction records from 2011 including salted and hashed credit card numbers.

Orbital Decay: the dark side of a popular file downloading tool

Orbit Downloader by Innoshock is a popular browser add-on often used to download embedded videos from sites such as YouTube. But the popular add-on has disturbing hidden functions.

New “anti-phishing” technology uses electronic cards, not passwords

Academics create new “anti-phishing” technology – electronic identity cards which allow secure access to websites, and which could simplify access for people less used to the Internet.

Avatar rootkit: the continuing saga

In this blog post we confirm that the Avatar rootkit continues to thrive in the wild, and disclose some new information about its kernel-mode self-defense tricks. We continue our research into this malware family.

Twitter hacker claims “no account is safe” – but network says not to worry

A hacker claims to have access to “the entire database of users on Twitter”, warning that “no account is safe”. He has leaked 15,000 account details via a file-sharing service as “proof” of his claims – although experts are skeptical.

U.S. Energy Dept admits to second big data leak this year

Personal information for 14,000 U.S. Department of Energy employees has leaked in a data breach, according to the Wall Street Journal. It’s the second major breach the Department has suffered this year.

LastPass owns up to password-exposing Internet Explorer bug

The bug allowed attackers to see any passwords used in a recent browsing session by performing a “memory dump”, and would have worked even if the user was not logged into LastPass.

Copyright © 2014 ESET, All Rights Reserved.