category
More Technical

Facebook credit score?

We recently noted that the data broker industry, in conjunction with social media outlets will become increasingly relied upon as a kind of shadow credit score for judging candidates’ qualifications. Now we see a startup that uses your Facebook profile directly to determine a “credit score” used for microloans. We hear horror stories of lost

A dozen predictions for 2012

While I share the reluctance of my colleagues to predict the future, I think there are some trends that can be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I think we will see, in no particular order of importance or certainty. We will see increased interest in

Spam campaign uses Blackhole exploit kit to install SpyEye

This article was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are

2012 predictions: online data brokers come under fire

In 2011 we saw an increase concern about, and scrutiny of, what exactly social networking sites do with the data you input, both internally as well as what gets shared with third parties. But in 2012 some of that scrutiny will shift to those third parties as more people ask: What are they doing with

Unencrypted credit card storage on the rise

More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?

Safety online with a bang: dodging (more) cyberbullets

An updated version of the paper “Ten Ways to Dodge CyberBullets”, addressing the question “what are the top 10 things that people can do to protect themselves against malicious activity?”

2012 Predictions: East of Java

Java will consolidate its position as the successor to PDF and SWF in the favourite exploits stakes.

Malware and Cybercrime Predictions: ‘Tis the season

What kind of malware and cybercrime can we expect in 2012? How much of it can we expect and what should we do about it? So begins that special season, the one in which experts of every stripe are called upon to prognosticate about the coming year. In keeping with the spirit of this particular

How secure is TSA? Congress isn’t impressed

In a scathing and far-reaching US Congressional report released recently the Transportation Security Administration (TSA) was characterized in these unflattering terms: “Since its inception, TSA has lost its focus on transportation security. Instead, it has grown into an enormous, inflexible and distracted bureaucracy, more concerned with human resource management and consolidating power, and acting reactively

Win32/Flooder.Ramagedos botnet participating in DDoS related to elections in Russia

Russia has been in the news for the last week, with thousands of protesters taking to the street to protest against alleged irregularities in the elections held on December 4th. There are also multiple reports of attempts to silence protesters on the Internet, such as DDoS attacks against websites used by the political opposition, the use

Malware Drive-by Infection Video: From fake FDIC message to infection

The FDIC is probably one of the most misunderstood quasi-governmental entities in America, which may account for its enduring popularity as part of malware and phishing scams. I'm not the most dedicated follower of banking news, but I did work for a bank once and I do try to keep up, yet I have never

Secure DNS? Encrypt the last mile

DNSSEC has been making the headlines lately as a possible defense against nasty DNS redirection schemes on the server end. Combined with anti-malware efforts at thwarting DNS changing via malicious registry/host file modification, it’s making a dent. Now OpenDNS is proposing a last mile approach called DNSCrypt which intends to secure the problematic link between users’

Carrier IQ detection: check your source before you install

Android-specific software that checks for Carrier IQ could create an unanticipated problem.

Delivery Failure Revisited: Win32/TrojanDownloader.Agent.QXN returns

The Trojan downloader malware Win32/TrojanDownloader.Agent.QXN that showed up in my email about 10 days ago made a return visit today, posing as a pair of emails from the United States Postal Service. The first time the malware showed up it was dressed up, as a package delivery receipt from Canada Post. But this time the

Carberp white paper: now with added pictures

“Win32/Carberp: When You’re in a Black Hole, Stop Digging” aggregates most of our published material on Carberp into a single resource.

Wi-Fi and fertility: warm but not so fuzzy

An aspect of mobile computing that affects generations unborn…

Carberp + BlackHole = growing fraud incidents

This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.

SQL Injection Attack Alert

I've already mentioned this on the AVIEN blog, as it was an AVIEN member who first drew it to my attention, but a fairly dramatic SQL Injection attack has been flagged by the Internet Storm Center: it appears to resemble the lizamoon attack which was reported as affecting around a million sites earlier in the year.

Lawyers go back to school for cybercrime

Citing a “serious lack” of attorney expertise in prosecuting cybercrime, New Jersey Prosecutor John Molinelli decided it was time for attorneys to go back to school. He states, “There was a serious lack of prosecuting attorneys – there’s probably a lack of attorneys, in general, who really know this area,” and decided to do something

CarrierIQ, keylogging and mobile payment systems

Recently we see allegations that CarrierIQ is quietly collecting more information than Android users bargained for. In one case, Trevor Eckhart thinks he proved that they register users’ keystrokes without the users’ knowledge for reasons subject to ongoing speculation. We certainly had no trouble finding the CarrierIQ software on an HTC phone, where it possessed

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.