archives
October 2013

Scary Code: Top 5 malware that kept researchers up at night

If sinister pieces of malicious code could rise from the dead on Halloween, which would be the most scary for antivirus researchers? Here are 5 contenders, with a variety of very nasty traits.

Smartphone “contactless” payment systems may be at risk from snooper devices, researchers warn

Phones such as Samsung’s Galaxy S4 ship with Near Field Communication chips built in – and many companies hope to use these for payment systems. But snooper devices may be able to “listen in” as payment apps are used, researchers warn.

When big sites spring a leak: What to do when breaches put your ID at risk

When Adobe admitted 38 million user IDs had leaked from its system this week, it was one of a long line of companies to fall victim to such data breaches. Most companies react fast – and offer good advice – but our guide adds a few extra safeguards if your ID is put at risk.

Big companies still fall for social engineering “hacks” by phone – and it’s not getting better

Major companies such as Disney, Boeing and General Electric are still handing out information to “hackers” using the most basic tool of all – the human voice, according to a report on a competition at DefCon.

Windows XP users already facing malware invasion – before Microsoft “pulls plug”

Windows XP users already face far higher risks from malware – with XP users facing infection rates six times higher than Windows 8 users. Microsoft will withdraw support for the ageing platform in April next year – despite the fact that one in five PCs on Earth still use it.

Adobe breach far bigger than thought – 38 million records, Photoshop code leaked in attack

Previously, it had been estimated that around three million users had data accessed, but a new report by Brian Krebs of KrebsonSecurity revealed the true scale of the breach may have been far larger than thought – and that source code for software such as Photoshop may also have leaked.

Tech support scam update: still flourishing, still evolving

[Update 30th October 2013: with regard to the ping gambit discussed below, please note that protection.com now responds to ICMP echo requests – in other words, if you now run the command “ping protection.com” you should now see a screen something like this: Note that this is perfectly normal behaviour for a site that responds

President Obama’s Twitter and Facebook accounts hijacked by hacktivist group

President Obama’s Twitter and Facebook accounts were briefly compromised this week – with two Tweets and one post altered to send links to video montages of terrorist attacks.

Survey says 77% of Americans reject NSA mass electronic surveillance

In light of the Snowden/NSA revelations of mass surveillance, 77% of American adults say it is not okay for the government secretly to monitor all of their communications. And some of us are changing how we use the Internet as a result.

Rogue’s gallery? New app aims to “out” cybercriminals who prey on online daters

A new app, Truly.am, aims to put a stop to a fast-growing area of online fraud – online dating scams – by forcing cybercriminals to prove they are who they say they are.

Artificial intelligence firm claims to have “cracked” CAPTCHAS

An American artificial intelligence company claims to have “cracked” CAPTCHAs – the standard word tests used to tell humans and computers apart online. A program designed by Vicarious can break standard CAPTCHAs with 90% accuracy, Vicarious claims.

Rebuffed! Social site Buffer fights off onslaught of fruity weight-loss spam

An invasion of fruity posts offering miraculous weight loss flooded Facebook and Twitter accounts linked to the social sharing app Buffer – appearing on official accounts for companies such as Brussels Airlines and Startup Genome.

Cyberattack in Israel “shuts down” road for hours

Attackers used a Trojan program to target a security camera system in the Carmel Tunnels toll road in Haifa, shutting down the road for hours, and causing “hundreds of thousands of dollars” in damage.

The Preliminary NIST Cybersecurity Framework published and Workshop #5 scheduled

The newly published Preliminary Cybersecurity Framework from NIST, part of the federal effort to help critical infrastructure owners and operators reduce cybersecurity risks, is now available for review, with some interesting new language and a final workshop scheduled for November.

PHP site WAS serving malicious code, owners admit after Google raises red flag

When Google’s Safe Browsing service said that programming site PHP.net was hosting and serving malware, it sparked furious discussion – but the site investigated, and has since admitted a JavaScript attack, and moved to “clean” servers.

Don’t pay up! How to avoid ransomware threats – and how to fight back

Ransomware can be among the most frightening forms of malware – suddenly, your screen is replaced by a message from the police, demanding money, or a message saying your files are lost unless you pay a ransom to unlock them. Our tips will help you fight back.

New fingerprint ID system scans for living blood – and is “solution to cybercrime”, makers claim

Launched today in London, the technology mixes biometrics and other security technologies for what its makers claim is a “transformative” solution to combating cybercrime – and which can be used for network security, banking machines and even smartphones.

Why Mac security product testing is harder than you think

As both Macs and Mac malware increase in prevalence, the importance of testing the software intended to supplement the internal security of OS X increases too. But testing security products on Mac is tricky, due to Apple’s own countermeasures. Can it be made easier?

Nymaim: Browsing for trouble

We have already discussed how a system gets infected with Win32/Nymaim ransomware. In this blog post, we reveal a new infection vector, a study of the different international locker designs and ransom prices as well as a complete technical analysis of its communication protocol.

Rotten routers? More brands found to contain hidden “backdoors”

Routers from Chinese manufacturer Tenda contain a hidden “backdoor” which could allow attackers to “take over” the router and send it commands. The company also sells routers branded as Medialink, and the machines are available around the world.

Copyright © 2014 ESET, All Rights Reserved.