category
Threats

POODLE Attack – Google uncovers major flaw in SSL 3.0

In an announcement eerily reminiscent of the early phases of the Heartbleed flaw that took internet security by storm earlier in the year, Google has uncovered an exploit that could allow attackers to decode the plaintext traffic of a secure connection.

Previously undiscovered Bugzilla exploit patched

Bugzilla, the open source bug reporting and tracking tool used by Mozilla and many popular Linux distributions, has had a potentially damaging security flaw patched, reports Brian Krebs on his Krebs on Security website.

How to resolve Shellshock on Mac OS X, web servers and more

The “Bash Bug” or “Shellshock” vulnerability means a wide range of devices, servers and computers, including Mac OS X, will need to be patched to prevent abuse by malicious persons. Here’s advice about what to do and links to more in-depth resources.

Virus Bulletin review: 2 eBooks offering security guidance

An article for Virus Bulletin by David Harley reviews two eBooks offering security advice to consumers.

A look back at 2013 from some folks who live security

A look back at security research highlights from 2013. ESET researchers examined everything from Java exploits to rootkits, bootkits, worms, viruses, Trojans, targeted attacks, and security initiatives. Read about malware from Hesperbot to Cryptolocker and headline security breaches like Target, all in one report.

A buffet of 2014 security and privacy predictions

Have you been wondering what trends in security and privacy ESET researchers are predicting for 2014? The following is a sampling, a year-end snack plate if you will, featuring predictions from Aryeh Goretsky, Righard Zwienenberg, David Harley, Cameron Camp, Lysa Myers, and more.

3D guns, copyright nastiness, and printers gone wild

Did you see the recent story about police in England seizing a 3D printer suspected of producing parts for a weapon – a pistol in this case? Yes, the Greater Manchester Police Department was swiftly nipping hi-tech crime in the bud. The only problem: The poor unsuspecting “criminal” was printing out spare parts for a

NSA and Wall Street: online activity shrinks, changes post-Snowden

News of the NSA’s mass electronic surveillance is having a negative impact on consumer sentiment toward online technology and tech companies, according to recent survey that suggests it could hurt GDP and corporate profits.

Survey says 77% of Americans reject NSA mass electronic surveillance, of Americans

In light of the Snowden/NSA revelations of mass surveillance, 77% of American adults say it is not okay for the government secretly to monitor all of their communications. And some of us are changing how we use the Internet as a result.

Researchers “remote control” an $80 million yacht – and even aircraft could be vulnerable

A hi-tech spoofing attack took “remote control” of a 213-foot yacht – steering it off course, without anyone touching the steering wheel.

NIST cybersecurity framework rolls on amid murmurs of regulation

What needs to happen before the President of the United States can stand before the American people and assure them that a comprehensive and good faith effort has been made to stop cyber attacks disrupting the delivery of essential goods and services? The NIST workshops are seeking answers to that question.

A cybersecurity framework to protect digital critical infrastructure

In the ongoing effort to protect cyber aspects of America’s critical infrastructure, the third NIST Cybersecurity Framework workshop is being hosted July 10-12, 2013 by the University of California, San Diego, and the National Health Information Sharing and Analysis Center.

Needles and haystacks – the art of threat attribution

ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo Groups for C&C communications.

Gamers warned of risks of “always online” games such as SimCity and Diablo

The new trend for “always online” games such as SimCity and Blizzard’s Diablo 3 may be putting gamers at risk, experts warn. The games, which require an internet connection even for single-player gaming, are designed to protect game companies from piracy.

Gapz and Redyms droppers based on Power Loader code

Technical analysis of Power Loader, a special bot builder for making downloaders for other malware families and yet another example of specialization and modularity in malware production.

The real risk in Google removing ad-blocking apps from Play store

While many Android users speculate about Google’s removal of ad-blocking apps from the official Android store, Google Play, we consider the risky behavior that is bound to result.

Adobe and Microsoft release critical patches for March

Adobe and Microsoft have both released patches this week to address vulnerabilities in respective software applications and advise all users to apply the patches as soon as possible, if applicable to them.

How Theola malware uses a Chrome plugin for banking fraud

A deep dive into Win32/Theola, one of the most malicious components of the notorious bootkit family, Win32/Mebroot.FX. Theola uses malicious Chrome browser plugins to steal money.

Sinkholing of Trojan Downloader Zortob.B reveals fast growing malware threat

Malware infecting 25,000 computers, mostly in the United States, pumping out 80 million spam messages per hour? ESET researchers sinkhole to investigate Win32/TrojanDownloader.Zortob.B

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.