We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to
National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular
Static passwords: if we can't kill them off, can we at least improve them? Yes, but here's a not of caution.
WPS, Reaver, and what you can expect from anti-virus by way of vulnerability scanning
Update: A US Federal Court extended the deadline for shutting down the replacement DNS servers to July 9, 2012. On Wednesday, the German Federal Office for Information Security (BSI) published a press release advising users to recheck DNS server settings on their computers. This recommendation is related to the successful botnet takedown – dubbed ‘Operation
We've noted the often staggering fees associated with a credit card breach, normally accompanied by a slew of bad press. We've seen Stratfor, in light of their recent hack, dealing with public exposure issues due, in part, to unencrypted payment card information (for which, to their credt, they’ve publicly apologized for). Now we see a
Says the first line of the presentation entitled “Building a Distributed Satellite Ground Station Network – A Call To Arms” given some time ago at the 28th Chaos Communication Congress (28C3) in Berlin by hackers from the Hackerspace Global Grid team. The presentation was lead off by Nick Farr who had already proposed the need
Do Xmas shopping and porn surfing account for a spike in Win32/Scrinject detections?
ZeuS-related malware appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group).
The two most prevalent threats over 2011 were still INF/Autorun and Conficker: ESET's December ThreatSense Report looks at threat trends in the new year.
Our white paper on Potentially Unwanted Applications (PUAs) has been revised with additional information, including information about how legitimate software can become classified as a PUA due to its misuse, a discussion of a type of downloader called a software wrapper and updated screen shots. It can be found in the White Papers section: Problematic,
ESET Ireland's Urban Schrott has found an Ireland-targeted 419 with a Spanish twist.
Many of you have read the last few weeks that we published posts on trends for 2012 in the field of malware and cybercrime. In this series I wrote a post based on the document that the Education and Research team of ESET Latin America put together, entitled “2012 Predictions: More mobile malware and localized
If you use Facebook you’ve probably heard of Timeline, a “new” feature that replaces the “traditional” profile page. However, you may be confused by Timeline–I know I am–and confusion could make you the target of a growing number of Timeline-related scams. As of January 3rd, the watchful folks at Inside Facebook were reporting 16 Timeline-related
As expected, malware developers and scam artists have greeted the death of North Korea's dictatorial leader, Kim Jong-il, with Black Hat SEO and Social Engineering attacks. The Supreme Leader of the Democratic People's Republic of Korea suffered a heart attack on a train journey last month and a steady stream of schemes to exploit the
Okay, you got the wrapping paper off the new tablet hotness, fired it up and now cannot put it down. But what should you be doing in the New Year to properly feed, protect, and care for your newly found addiction? Well here are some of the basics – things that are easy to do
ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.
You just got a new wireless router for Christmas, but when you set it up it asks about wireless security. Do you want WEP, WPA, WPA2 or any of the other alphabet soup options they give? While it’s easiest to just pick the default setting, are you setting yourself up for trouble from aspiring hackers?
Dazzlepod is saying ... if your account name comes up, change your current password ... why not assume that your account is compromised and go ahead and change it anyway and everywhere?
SOPA as currently constructed can never work as intended. I'm not going to get into the reasons we don't like it because of its oppressive implications or because it is against our first amendment rights nor for any other reason.
