The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.
We received and interesting comment in reply to the blog post http://www.eset.com/threat-center/blog/2009/10/13/phishing-the-fbi-and-terror. Joseph A’Deo, who apparently works for Verisign, mentioned the use of extended validation SSL (EV SSL). I am sure that some of you are familiar with EV SSL. Some of you have seen the results of it and perhaps not noticed. Some
Mac OS X is still secure 16 years after its creation, but increasingly being targeted by cybercriminals. No operating system is 100% malware-proof.
Recent phishing scams targeted both Gmail and Yahoo, and now attackers have their sights set on PayPal with some very convincing bait.
During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.
Don’t get fooled by criminals before the 2016 Olympic Games in Rio, says ESET’s Ondrej Kubovič. These sporting events are a prime target for fraudsters.
Recently, we’ve observed a new wave of scams on Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops and buy heavily discounted sunglasses there. Victims’ payment card details are at risk.
A new vulnerability could leave as many as one-third of HTTPS websites open to decryption.
A security expert has found a vulnerability on iOS devices that allows malware to be installed via AirDrop.
A malware family that primarily targets Linux-based consumer routers but that can infect other Linux-based embedded systems in its path: Dissecting Linux/Moose.
Two researchers surprised people by demonstrating how they could carry out a denial of service (DoS) attack on iOS devices.
Around 1,500 apps for iPhone and iPad contain an HTTPS vulnerability making it ‘trivial’ for hackers to perform man-in-the-middle attacks to steal passwords, bank details and other private information.
Lenovo’s installation of a security-breaking app called Superfish on some computers has customers justifiably angry, but some folks are now unnecessarily confused by false positive detection.
Make sure you are running a half-decent browser, don’t ignore browser security warnings, and enable two-factor authentication.
That appears to be the lesson to learn from the latest attack on Chinese internet users.
The full scope of the Heartbleed bug came to light in a series of reports by researchers and white-hat hackers, with some claiming a billion smartphones may be at risk, as well as a statement allegedly from the US government over its use of the bug.