category
Malware

Week in security: Dubai Police use Google Glass facial recognition, Bugzilla gets bugged and ‘Unpatchable’ USB exploit lands on GitHub

This week in security, we covered a full range of privacy and malware, with controversial plans to equip police officers with facial recognition packed Google Glass in Dubai, and the BadUSB malware finding its way on to GitHub.

Dairy Queen hit by card data stealing malware

Dairy Queen has become the latest company to be hit by payment card stealing malware, reports the Wall Street Journal. The breach is said to have affected 395 of its 4,500 American locations.

Future malware might offer real functions to avoid detection

Malware may begin to offer genuinely helpful functionality in the future, in order to “fly under the radar” and fake legitimacy before striking, according to Professor Giovanni Vigna from the University of California.

European ATMs under malware attack

At least 50 cash machines in Eastern Europe have been targeted by malware that allows the hacker to withdraw up to 40 notes at once without a credit or debit card to hand, Computer Weekly reports.

Manual fixes to USB malware revealed… with a catch

Since the BadUSB malware was released to the public with hopes of forcing a fix, a solution has emerged from the researchers who posted the code, but the fix is definitely not without its problems.

Sednit espionage group now using custom exploit kit

For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy.

‘Unpatchable’ USB exploit posted to GitHub

Techspot reports that a another USB exploit has been discovered by a pair of researchers who have “thrown caution to the wind by posting code for a similar attack on GitHub.”

FBI opens malware tool for public “crowdsourcing”

The FBI has opened up its previously in-house malware analyzing tool to the public in order to crowdsource more samples for speedier response, according to The Register.

Bootkits, Windigo, and Virus Bulletin

ESET research on Operation Windigo received an award at Virus Bulletin 2014. Our research on bootkits was also well received, and is now available publicly.

Week in security: Bash Bug, BlackEnergy and hoax attacks

This week, a serious software vulnerability, which rapidly became known as the ‘Bash Bug’ or ‘Shellshock’ dominated the headlines, as two other faked news stories showed that hoaxes can fool the world very easily these days.

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that’s evolved into a sophisticated threat with a modular architecture.

Week in security: Free iPhone scams target eager fans

This week offered a lesson in how cybercriminals follow the news, and time their attacks to dupe the unwary – with several different attacks aimed at iPhone fans, in the week where Apple unveiled its iPhone 6.

Beware overdue invoice malware attack, wrapped in an .ARJ file!

Online criminals are spamming out messages claiming that invoices are overdue. But attached to the emails are .ARJ files containing a malicious payload – don’t allow your computer to become infected.

Phishing email: UK hit with three times as many ‘bad’ links as U.S.

British internet users opening a spam email are three times more likely to be facing a malicious URL than users in the US, thanks in part to a wave of highly targeted financial malware.

Week in security: Home Depot speaks, Gmail and Android ‘leak’

This week, American chain Home Depot admitted its systems had been breached, Gmail users got a fright, and a series of videos showed leaks in Android chat apps. Meanwhile, Facebook freaked out the world…. again.

Salesforce software – millions of users at risk of Dyre malware

A strain of malware which previously targeted banks has turned its attention to users of the popular Customer Relationship Management (CRM) software Salesforce, used by 100,000 organizations worldwide.

Online ad threat – Yahoo, Amazon, YouTube ‘victims of malvertising’

Anyone who has visited popular domains such as YouTube.com, Amazon.com or Ads.Yahoo.com could be a victim of a new, mutating malware attack distributed through the adverts displayed on the sites.

Home Depot credit cards: chain confirms breach, fraud spikes

The world’s largest home improvement chain store, Home Depot, yesterday confirmed a data breach affecting credit cards and debit cards used in stores on the American mainland, which may have continued since April.

TorrentLocker now targets UK with Royal Mail phishing

Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While

Car hacking – are one-third of thefts ‘electronic hacks’?

The government is to work with car manufacturers to prevent hackers using electronic means to break into increasingly hi-tech vehicles in Britain after a spate of ‘car hacking’ thefts hit London.

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.