The stealthiness of Linux/Cdorked: a clarification

We clarify that the Linux/Cdorked backdoor malware leaves no traces on the hard drive “other than its modified httpd binary” which can be scanned for detection in several ways.

More than 90% of passwords are vulnerable to hacks, warns Deloitte – even “strong” ones

Even passwords considered “strong” by IT departments are often now vulnerable to hacking, according to professional services firm Deloitte. The firm predicts that 90% of user generated passwords will be vulnerable to hacking this year.

PC game service admits to serving up Bitcoin-mining malware

Users of popular PC gaming service ESEA have discovered that their PCs have been hijacked to mine Bitcoins by malware served up alongside the company’s client. A hidden Bitcoin-mining process caused users’ graphics cards to overheat as it worked in the background.

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo Groups for C&C communications.

Wireless carriers put customers at risk by failing to patch Android, says civil liberties group

Wireless carriers Verizon, AT&T, Sprint and T-Mobile are putting customers at risk by failing to fix well-known security vulnerabilities on Android phones, according to the American Civil Liberties Union (ACLU).

Twitter blames spear-phishing for recent hacks – and warns news companies to expect more

Twitter has warned media companies that attacks on their official Twitter accounts are liable to continue, after Britain’s Guardian newspaper became the latest high-profile news site to fall victim.

Password warning after details for 50 million users leak in LivingSocial hack

Daily deals site LivingSocial has become the latest high-profile site to fall victim to hackers, after an attack accessed information for 50 million accounts last week.

Low tech security stumbles

American banks “need to plan” for further cyber attacks, financial group warns

The American banking system needs to prepare or further cyber attacks in the coming months, a leading financial stability group has warned.

Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole

Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with remediation tool and techniques.

Governments need to spend billions more on data protection, says British security chief

Adrian Price, Head of Information Security at Britain’s Ministry of Defence, suggested that governments should devote 20% of their budget to protecting the nation’s data – a sum worth billions more than that currently allocated in countries such as the UK itself.

Twitter security under spotlight after phishing blamed for disastrous AP Tweet

Twitter is said to be testing new security systems in the wake of a false Tweet from an official Associated Press account which sent stock markets tumbling in America.

Half of British adults use the same password across all websites

Half of British adults use the same password across all the websites they access, according to telecoms regulator Ofcom. The data comes from a survey of 1805 adults aged 16 and up. The report, Adults’ Media Use and Attitudes Report 2013, found that 55% of adult internet users admitted they used the same password for

Preventable errors are behind most security breaches, says Verizon report

Most cyber attacks are simple and predictable, relying on basic tactics and preventable employee errors, according to Verizon’s annual Data Breach Investigations Report. The problem is made worse by the fact that companies often take months or even years to detect such breaches.

Hacked CBS Twitter accounts present followers with malware-tainted “news”

Twitter accounts used by CBS News were compromised on Saturday – and began serving up bogus news stories with links to malware.

U.S. Air Force team wins virtual “cyber war” against veteran hackers

A three-day “cyber war” ended in victory for a team from the U.S. Air Force Academy, who beat off attacks from hackers from the National Security AGency in the 13th annual Cyber Defense Exercise (CDX).

Avoiding tragedy scams

Cybersecurity bill passed by House despite privacy concerns

The Cyber Intelligence Sharing and Protection Act (CISPA) passes the U.S. House despite privacy concerns and the threat of presidential veto.

Online PC Support scam: from cold calling to malware

Here’s a brazen fake antivirus program that falsely declares you are infected, then locks your screen and asks you call a toll free number for Support, which then asks you to pay to remove the fake infection.

A quarter of all PCs have no malware protection, says Microsoft

A quarter of PCs around the world have no antimalware software, according to Microsoft’s latest Security Intelligence Report.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
our experts

Lysa Myers

Graham Cluley

Stephen Cobb

David Harley

Marc-Etienne M.Léveillé

Aryeh Goretsky

Robert Lipovsky

Bruce Burrell

Copyright © 2014 ESET, All Rights Reserved.