Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

Cybercrime and the small business: Basic defensive measures

Evidence that criminals are targeting the computer systems of small businesses continues to mount. The Wall Street Journal recently drew attention to the way cybercriminals are sniffing out vulnerable firms. The article highlighted the fact that about 72% of the 855 data breaches world-wide last year that were analyzed in Verizon's Data Breach Investigation Report

Final DNSChanger warning

It’s here, folks! If the replaced DNSChanger servers don’t get another deadline extension, more than 500,000* computers may not be able to reach their configured DNS service after next Monday, July 9, 2012.  In other words, it will be practically impossible for the users of those computers to surf the Internet using human friendly domain

Win32/Gataka: a banking Trojan ready to take off?

We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan

How much will your driverless car know about you (and who will it tell)?

Following the flurry of press coverage surrounding the proposed next generation of driverless cars, privacy groups are asking questions about what will happen to the data the cars (necessarily) collect, which – in the wrong hands – might prove tempting for abuse. Other car manufacturers plan on rolling out real-time data streams of information about

ACAD/Medre.A Technical Analysis

For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to

CVE2012‑1889: MSXML use‑after‑free vulnerability

As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

Close call with a Caribbean cruise line scam

In the middle of working on a blog post about SMS phishing scams at my desk last night, I received a rather strange call.  The number displayed on the Caller ID was +1 (360) 474-3925.  I did not recognize the number, but since it was 7:10PM, I assumed it was a colleague trying to reach

Your Facebook account will be terminated – again

If the scary email or app notification–and subsequent webpage–is to be believed, you have only a few days to verify your Facebook account or you’ll be out of luck. But don’t worry, a few days later you will magically get a few more days to verify, and so the scam goes. A Twitter follower with