The “picture passwords” used in Windows 8 machines are more vulnerable than Microsoft hoped, a research team claims. An analysis of more than 10,000 picture passwords found that a significant percentage could be cracked by algorithms.
Archives - August 2013
Facebook has revealed that it may use facial recognition software to identify people from their profile pictures. The new “feature” was revealed in a change to Facebook’s data use policy, sent out via email to users this week.
Phishing emails are a sad fact of life, and most of us are used to dealing with them - but cybercriminals are increasingly turning to SMS to reel in their victims. Our tips should help you avoid clicking something you'll regret.
More than 800,000 Facebook users fall victim to password‑harvesting browser malware, researcher claims
Malware disguised as a Facebook video has infected up to 800,000 users machines, according to independent Italian security researchers. The malware hijacks Facebook accounts and web browsers using a fake browser plug-in for Google’s Chrome.
Mobile banking apps pose an “important risk” to consumers as banks increasingly offer access to banking services via smartphones. A financial watchdog is to investigate the threat of bogus and malicious banking apps.
The website of the New York Times briefly disappeared this week, replaced by a banner saying, “Hacked by Syrian Electronic Army" - victim of an attack described as "sophisticated". Twitter and the Huffington Post were also briefly affected.
The popular password-cracking app Hashcat has “upgraded” to passwords up to 55 characters - meaning that long passwords (for instance those made up of sentences), can be cracked far more quickly.
A few months ago on this blog I described PowerLoader functionality - including an interesting way for privilege escalation into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families.
We look at malware delivered by a campaign that has infected thousands of websites around the world - and the various control flow obfuscation techniques that make its analysis as interesting as it is challenging.
Android has become a “primary” target for malware, and nearly half its users are open to attacks due to running old versions of the OS, according to an internal bulletin reportedly from the Department of Homeland Security and the FBI.
One in five adults have fallen victim to hackers – and one in 50 has lost more than $15,000, says British survey
One in five adults has fallen victim to hacks targeting their email accounts, social networking accounts or online bank accounts, according to a British survey conducted by the University of Kent.
Children come into contact with the internet at a very young age these days - a survey on a parenting site this year said that one in eight children go online before the age of two. Our tips will help keep youngsters safe - and help them enjoy the internet.
Millions of dollars have been lost to an "ominous" new hi-tech tactic used by cybercriminals - where a low-powered DDoS attack is used as “cover” for a direct assault on the bank’s payment system.
The popular online “battle arena” game League of Legends has suffered a major security breach which exposed account information for North American players, as well as transaction records from 2011 including salted and hashed credit card numbers.
Orbit Downloader by Innoshock is a popular browser add-on often used to download embedded videos from sites such as YouTube. But the popular add-on has disturbing hidden functions.
Academics create new “anti-phishing” technology - electronic identity cards which allow secure access to websites, and which could simplify access for people less used to the Internet.
In this blog post we confirm that the Avatar rootkit continues to thrive in the wild, and disclose some new information about its kernel-mode self-defense tricks. We continue our research into this malware family.
A hacker claims to have access to “the entire database of users on Twitter”, warning that “no account is safe”. He has leaked 15,000 account details via a file-sharing service as “proof” of his claims - although experts are skeptical.
Personal information for 14,000 U.S. Department of Energy employees has leaked in a data breach, according to the Wall Street Journal. It's the second major breach the Department has suffered this year.
The bug allowed attackers to see any passwords using in a recent browsing session by performing a “memory dump”, and would have worked even if the user was not logged into LastPass.