tag
Vulnerability

Heartbleed claims British mums and Canadian tax payers as victims

The critical security vulnerability in OpenSSL known commonly as “Heartbleed” continues to raise alarms, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.

Microsoft to fix zero-day flaw that meant just previewing an Outlook email could infect your computer

It’s one thing to have a security hole that relies upon users visiting an infected website, or opening a dodgy attachment – but it’s quite a different level of threat when simply *previewing* a message in your email client infects your computer.

With just days to go, just how many PCs are still running Windows XP?

If computers continue to run Windows XP, and don’t receive any more security patches. they are not just putting themselves and the data they carry at risk, they are endangering all of us who use the internet.

Critical Internet Explorer zero-day vulnerability patched by Microsoft

Microsoft releases a fix for a zero-day vulnerability that has already been exploited by hackers in targeted attacks against some organisations. Don’t delay!

Belkin’s ‘Smart Home’ system has security flaws which could ‘black out’ homes – or start fires

Belkin’s WeMo home automation systems contain multiple vulnerabilities which could allow attackers to remotely control devices attached to a WeMo system – for instance, blacking out lighting in a home, or even starting fires, researchers have claimed.

Critical IE and other flaws discovered. Patch your systems now, says Microsoft

If your system administrator looks a little frazzled this week, be nice to him or her and don’t grumble too much about the photocopier being jammed. It may be that they have more serious issues on their mind.

Discreet messaging site Snapchat leaks 4.6 million phone numbers, names – after ‘ignoring warnings’

Hackers have published what they claim is a database of 4.6 million Snapchat users, with phone numbers matched to usernames, which is searchable online now. The hack could be a huge blow to the ‘discreet’ photo-message service.

Could new malware steal data from INSIDE your SD card? Researchers claim even solid-state PC drives could be at risk

Two researchers have demonstrated an attack that could alter and steal data direct from MicroSD cards, using tiny microcontrollers on the cards themselves. The attack could be used to copy or steal data – and even modify sensitive data such as encryption keys.

Grim warning for bounty hunters – Yahoo pays out paltry $12.50 per vulnerability

Finding vulnerabilities can be a profitable business – even if you work for the right side of the law. Last month, Facebook paid out $12,500 to a researcher for finding a bug – this month, Yahoo! paid out … $12.50.

“Bug bounties” are cheap way to keep companies secure, Berkeley study finds

“Bug bounties” paid out for finding and reporting bugs and vulnerabilities are a cheap and effective way for companies to bolster their security, an independent study by UC Berkeley researchers has found.

U.S. and China plan to “work together” on cybersecurity

China and the U.S. have agreed to work together on cyber security, with the two countries setting up a working group to deal with the issue, U.S Secretary of State John Kerry said on Saturday in Beijing.

Call for new cyber laws after major U.S. banks knocked offline for 249 hours in six weeks

Representative Mike Rogers, Chairman of the Permanent Select Committee on Intelligence, said that Congress needs to act quickly, in an interview with NBC this week. The websites of major U.S. banks have been offline for 249 hours in the past six weeks, due to a series of sustained cyber attacks by an unknown foreign group.

Adobe and Microsoft release critical patches for March

Adobe and Microsoft have both released patches this week to address vulnerabilities in respective software applications and advise all users to apply the patches as soon as possible, if applicable to them.

The Dynamic Duo for Securing your Android: Common Sense and Security Software

On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a study of over 20,000 Android devices from a two month old study they performed. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,

Instagram vulnerability can allow strangers access to your photos and more

Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship

Vulnerable WordPress Leads to Security Blog Infection

Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on

Much Ado About Facebook, Part II

Since yesterday’s Much Ado About Facebook post in the ESET Threat Blog, we have written additional articles, received a few comments, and also received updated information on the “threat,” so it seems that now is a good time for a follow-up article.  Reports continue to come in of pornographic and violent imagery on Facebook, and

Where there’s smoke, there’s FireWire

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

Stuxnet Resources Update

Added to the resources blog at http://blog.eset.com/2011/01/03/stuxnet-information-and-resources: Report of a Stuxnet-unrelated vulnerability in SCADA software A speculative cyberwar link Some links on Iranian post-Stuxnet "cybermilitia" recruitment. http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes David Harley CITP FBCS CISSP

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

14 articles related to:
Hot Topic
14 Apr 2014
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.