After Event Viewer, ASSOC, INF, PREFETCH and Task Manager, it seems that VERIFY is the latest system utility to be misused by PC tech support scammers.
ResearchExpert content, for researchers by researchers
For years scammers and hackers focused largely on Windows x86-based platforms, in many ways because that’s where the bulk of the users were. But times change, and new targets emerge. At Blackhat and Defcon last week we saw a flurry of talks on Mac OSX/iOS security, trying to illuminate possible chinks in the armor. From
Aleksandr Matrosov looks at the internal architecture of Win32/Flamer's mssecmgr.ocx module.
Jonathan Brossard describes an 'undetectable, unremovable' attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn't convinced.
After my colleague Stephen Cobb stood in a huge line at Defcon waiting to get into the Friday keynote by NSA chief General Alexander, plus a swarm of interest shown at the two-part Meet the Fed panel presentation the next day, it’s becoming clear that multiple agencies of the federal government are focused on hackers,
If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare
Detailed analysis of Rovnix.D reveal updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Blackhat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Blackhat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Jeff mentioned working for a former
Today I received the following message in my inbox, claiming to be from the Asian Domain Registration Service and warning me that the eset brand was in danger of being registered by a third-party. Here is the message I received, which I’ve included in its entirety, except for a few bits: Received: from mail.umail168.cn4e.com
Want to access the music tracks of YouTube.com videos on your iPod but don’t want to pay? You’re not alone. Recently, a crop of websites have popped up offering to convert the audio from videos to .mp3 files that you can then download at no charge. Sounds great, right? The catch: scammers are trying to
Gamigo learned a few months ago about a breach and alerted its users that they had been attacked. But now, we see an estimated 8+ million records just went public, no small amount for the attackers. What is interesting is that by one account, hash cracking was able to decrypt over 90% of the passwords,
Giving a support scammer access to your PC can give you more problems than any imaginary virus, especially if you refuse to pay for his 'service'.
Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.
Changing the passwords on your online accounts might not sound like a fun weekend activity, but that’s what I did last weekend. Why? Because on Sunday I found out that one of my email addresses was in the list of Yahoo! logins whose passwords were exposed by sloppy handling of a credential file (an incident
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
If a service leaks your credentials, your options are limited, but changing all your passwords to something harder to guess/break is never a bad idea.
There are always people who want to piggy-back on the achievements of others. After ESET warned the public against ACAD/Medre.A in two blogs here and here and issued a free standalone cleaner for remediation, there was always the possibility that drawing attention to the issue would result in the topic being misused for other purposes.
Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship
The Java exploit for CVE-2012-1723 is already included in the latest update of the BlackHole exploit kit.
Small businesses have their hands full these days in light of a down economy, tightening budgets and the steepening pace of business, but with nation-state hacks front and center in the threatscape, should you worry about those too, or are you (and your customers) safe? Nation-state hacks bring to mind images of large defense contractors,