Malware disguised as a Facebook video has infected up to 800,000 users machines, according to independent Italian security researchers. The malware hijacks Facebook accounts and web browsers using a fake browser plug-in for Google’s Chrome.
Mobile banking apps pose an “important risk” to consumers as banks increasingly offer access to banking services via smartphones. A financial watchdog is to investigate the threat of bogus and malicious banking apps.
The website of the New York Times briefly disappeared this week, replaced by a banner saying, “Hacked by Syrian Electronic Army” – victim of an attack described as “sophisticated”. Twitter and the Huffington Post were also briefly affected.
The popular password-cracking app Hashcat has “upgraded” to passwords up to 55 characters – meaning that long passwords (for instance those made up of sentences), can be cracked far more quickly.
A few months ago on this blog I described PowerLoader functionality – including an interesting way for privilege escalation into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families.
Android has become a “primary” target for malware, and nearly half its users are open to attacks due to running old versions of the OS, according to an internal bulletin reportedly from the Department of Homeland Security and the FBI.
One in five adults has fallen victim to hacks targeting their email accounts, social networking accounts or online bank accounts, according to a British survey conducted by the University of Kent.
Children come into contact with the internet at a very young age these days – a survey on a parenting site this year said that one in eight children go online before the age of two. Our tips will help keep youngsters safe – and help them enjoy the internet.
Millions of dollars have been lost to an “ominous” new hi-tech tactic used by cybercriminals – where a low-powered DDoS attack is used as “cover” for a direct assault on the bank’s payment system.
The popular online “battle arena” game League of Legends has suffered a major security breach which exposed account information for North American players, as well as transaction records from 2011 including salted and hashed credit card numbers.
Orbit Downloader by Innoshock is a popular browser add-on often used to download embedded videos from sites such as YouTube. But the popular add-on has disturbing hidden functions.
Academics create new “anti-phishing” technology – electronic identity cards which allow secure access to websites, and which could simplify access for people less used to the Internet.
A hacker claims to have access to “the entire database of users on Twitter”, warning that “no account is safe”. He has leaked 15,000 account details via a file-sharing service as “proof” of his claims – although experts are skeptical.
Personal information for 14,000 U.S. Department of Energy employees has leaked in a data breach, according to the Wall Street Journal. It’s the second major breach the Department has suffered this year.
The bug allowed attackers to see any passwords using in a recent browsing session by performing a “memory dump”, and would have worked even if the user was not logged into LastPass.
Java has been – and still is – one of the more problematic issues security-wise. A website showing song lyrics from Golden Earring’s Radar Love shows off problems that can leave users at the mercy of Java attacks.
Apps with a hidden “dark side” could sneak past Apple’s approval process, according to researchers at Georgia Tech. The researchers proved this theory using a malicious app which was approved and downloaded via App Store in March this year.