Scam artists and cybercriminals are looking to turn romance into profit now that Valentine's Day approaches, possibly taking over your computer in the process. According to ESET researchers in Latin America, we can expect the quest for love to be leveraged as an effective social engineering ploy to enable the bad guys to infect unsuspecting
Do you know what your children are doing online, and do they know the risks out there?
In response to recent reports that malicious apps may have made their way into the official Android Market, Google has responded by announcing a new program to more proactively scan the Market and developer accounts for seemingly malicious apps and highlights and/or remove them before users experience trouble. Traditionally, the barriers of entry for developers
A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system.
As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices. You may recall that a company called CarrierIQ recently became the center of attention after a user
Privacy and security issues have generated a lot of criticism of Facebook in the past, some of which has been published here on the ESET Threat Blog. So it is only fair that we give Facebook credit for positive steps it has taken on the security front. One security measure that has impressed me recently
Facebook fraud, Carberp, statistics and a DDoS plugin.
Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to
When a direct message pops up on Twitter stating that other people are saying bad things about you, please think twice before clicking on any links in that message. Why? Because the links are likely to take you to malicious websites that are out to steal your Twitter password. They may also try to infect
Facecrooks has flagged a scam that has apparently already tricked 300,000 people into Liking a scam page.
In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in
As increasing sectors of the internet migrate to Facebook as a deployment platform (Zygna, etc.), a new effort aims to spread the preference aggregation features to include things users either own or would like to own. By allowing users to add Own and Want buttons to their profile, users can highlight both a Wishlist and
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
What was number one when you were born? Facebook survey scammers aren't going to tell you.
Tomorrow, on January 18, 2012, dozens of popular websites covering a diverse range of subjects will be blacking out their home pages in protest of the U.S. Stop Online Piracy Act (SOPA). Some of these websites are well-known, such as the English language web site for the encyclopedic Wikipedia and quirky news site Boing Boing,
We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to
National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular
Static passwords: if we can't kill them off, can we at least improve them? Yes, but here's a not of caution.
WPS, Reaver, and what you can expect from anti-virus by way of vulnerability scanning
Update: A US Federal Court extended the deadline for shutting down the replacement DNS servers to July 9, 2012. On Wednesday, the German Federal Office for Information Security (BSI) published a press release advising users to recheck DNS server settings on their computers. This recommendation is related to the successful botnet takedown – dubbed ‘Operation
