Free Download: Get the April 2015 Comprehensive Internet Security Threat Report
Welcome Guest | Sign In
TechNewsWorld.com
Spy Agencies Planned to Corrupt Google Play
May 22, 2015
The United States and its leading Western allies, known as the "Five Eyes," reportedly planned to hack into smartphones through their links to Google and Samsung's app stores. They wanted to infect apps with spyware and find ways to send misinformation to targets, according to documents released to the media by National Security Agency whistle-blower Edward Snowden.
Containing the Zombie Malware Outbreak
May 22, 2015
Your computer could be operating as part of a botnet, sending out email spam, stealing confidential information, or furthering the spread of malware at this very moment. Computers can become zombies in many ways, but the most common technique is through a Trojan virus installed via malicious email attachments or drive-by downloads from infected websites.
Venom Less Toxic Than Heartbleed
May 20, 2015
It was a little over a year ago that the Heartbleed bug shocked the Internet with its potential for mischief. Now another flaw in open source code has sent network administrators into damage control mode. The bug, called "Venom" for "Virtualized Environment Neglected Operations Manipulation," allows an intruder to jump out of a virtual machine and execute malicious code on its host.
5 IT Security Implementation Myths
May 19, 2015
There's a common perception that implementing comprehensive IT security to protect against today's sophisticated threats and attacks is a difficult and expensive task, and that the benefits of replacing current solutions (even if highly ineffective) are seldom worthwhile. This mindset has resulted in many businesses dealing with a virtual patchwork of disparate systems.
FireEye, Microsoft Outsmart Clever Chinese Malware
May 15, 2015
FireEye and Microsoft have scotched a scheme by a group of cybercriminals based in China to use an IT pro forum to hide malicious activity, according to a report released Thursday. The Chinese gang known as "APT17" devised the scheme, which uses forum pages and profiles on Microsoft's TechNet, to cover traffic from machines infected with the group's Black Coffee malware.
Venom Vulnerability Could Violate Virtual Machines
May 14, 2015
Crowdstrike on Wednesday made public its discovery of yet another long-buried Linux vulnerability. "Venom," as it has been dubbed, was unearthed by the firm's senior security researcher, Jason Geffner. It is listed as vulnerability CVE-2015-3456. Venom exists in the virtual floppy drive code used by virtualization platforms based on QEMU, or quick emulator. It has been around since 2004.
Mumblehard Malware Mugs Linux Servers
May 5, 2015
A family of Linux malware targeting Linux and BSD servers has been lurking around for five years. Dubbed "Linux/Mumblehard," the malware contains a backdoor and a spamming daemon, both written in Perl. The components are mainly Perl scripts encrypted and packed inside an executable and linkable format, or ELF, said Eset. In some cases, one ELF executable with a packer nests inside another.
Report: Top Endpoint Security Packages Perfectly Foil Drive-By Attacks
May 5, 2015
Drive-by attacks on the Internet are a particularly pernicious form of online threat, especially for individual Web surfers. On the corporate level, though, a company with good endpoint protection software can foil the malicious practice. A drive-by occurs when an infected website automatically downloads malware onto a Net traveler's computer. Endpoint solutions can thwart those kinds of attacks.
Steer Clear of iOS 8's Infinite Loop
May 1, 2015
A flaw in iOS 8 allows hackers essentially to crash apps that perform SSL communications whenever they like. Skycure reported the bug at the RSA security conference held last week, advising owners of iOS devices to upgrade to iOS 8.3. Apple this week confirmed that iOS 8.3 addresses the vulnerability. An attack would involve specially crafting an SSL certificate to regenerate a bug.
Apple Watch Could Be a Password Alternative
April 30, 2015
With password tolerance levels at an all time low, alternatives to the pesky and insecure authenticators are beginning to abound. One of those alternatives could be the Apple Watch. Even before Apple's latest gadget began shipping last week, MicroStrategy announced it was extending its Usher enterprise security solution to the Apple Watch. Usher on the Apple Watch allows it to act as a digital key.
IoT: Why Security Pros Need to Prepare Now
April 29, 2015
Have you ever heard of the Cullinan diamond? If you haven't, it was the largest diamond ever discovered: a 3106 carat diamond found in 1905 in South Africa. What's interesting about the Cullinan diamond isn't so much the discovery of the stone itself but what happened afterward: specifically, the cutting of the diamond. The Cullinan diamond was split into a number of smaller pieces.
China's Great Cannon Could Point Anywhere When Next Fuse Is Lit
April 16, 2015
China, which censors the Internet with its Great Firewall aka the "Golden Shield," has a new censorship tool that is causing alarm. It's known as the "Great Cannon." The University of Toronto's Citizen Lab identified the tool in a report released last week. The Great Cannon was first used in March, to launch a large-scale DDoS attack on GitHub and GreatFire.org, Citizen Lab said.
Ransomware Perps Put the Squeeze on Police
April 14, 2015
Five police departments in Maine, whose networks are linked together so they can share files, recently deposited bitcoins worth 300 euros into a Swiss bank account as ransom for their records. The departments' management system was locked down by ransomware that scrambled their data and rendered it unusable. The police decided to pay up after their experts failed to crack the ransomware code.
Chrome Web Store Gives Bad Extensions the Boot
April 10, 2015
Google recently purged some 200 extensions from its Chrome Store inventory. Extensions and add-ons let users add functions and features to the Chrome Web browser, but bad extensions can expose users to a greater risk of spyware and malware. A major problem with many browser add-ons is ad injectors. The clean-up resulted from increasing user complaints.
Heartbleed Threat Won't Fade Away
April 9, 2015
This week marks the first anniversary of the Heartbleed vulnerability that caused a panic across the Internet last year. While the flaw appears to have faded from the recollections of Net denizens, it still poses danger at many sites in cyberspace. Heartbleed was discovered in April 2014 in an open source library, OpenSSL, used by the SSL protocol.
No Need to Waste Brain Space on Yahoo Passwords
March 16, 2015
The way to permanently cure someone's headache is to cut off their head, and that appears to be the principle Yahoo has adopted with a new security policy announced Sunday. Users of Yahoo Mail no longer have to rack their brains to remember passwords, said Chris Stoner, director of product management. Instead, they can opt for on-demand passwords after signing in to their Yahoo.com account.
The CIA Has Been Hacking iOS for Years: Report
March 12, 2015
The CIA for years has been working to break iOS security, according to a report published Tuesday. The allegations are based on documents provided by NSA whistle-blower Edward Snowden. Researchers working with the CIA have presented their tactics and achievements at Trusted Computing Base Jamborees, secret annual gatherings that have been going on for nearly a decade.
Schumer to FAA: Straighten Up Cybersecurity and Fly Right
March 10, 2015
The United States Federal Aviation Administration should implement cybersecurity upgrades recommended by the U.S. Government Accountability Office immediately, or risk hackers taking over its computer systems, Sen. Charles Schumer, D-N.Y., has warned. The GAO last week released a report that found significant security control weaknesses in the FAA's computer systems.
Bracing for the Cyberthreat Deluge
March 6, 2015
Almost 17,000 malware alerts surface every week, the Ponemon Institute recently found. Only 4 percent of alerts were investigated, and traditional antivirus products missed nearly 70 percent of malware in the first hour, researchers discovered in a recent Damballa study. Rescanning led to identification of 66 percent of the malware in 24 hours and 72 percent after seven days.
Malicious Emailers Find Healthcare Firms Juicy Prey
February 26, 2015
Healthcare providers have garnered growing interest from hackers in recent months. More evidence of that trend appeared last week in a report on email trust. An email that appeared to come from a healthcare company was four times more likely to be fraudulent than an email purportedly from a social media company like Facebook, one of the largest creators of email on the Internet, Agari found.
Cyberthieves Bag a Billion in Snail-Speed Bank Heists
February 18, 2015
Criminals using Carbanak malware have stolen up to $1 billion from 100 financial institutions in Russia, China, Germany and the United States, Kaspersky Lab has revealed. The gang is expanding operations to other countries. Kaspersky has advised financial institutions to scan their networks for intrusion by Carbanak. "These are advanced threat actors," said Lancope CTO TK Keanini.
NSA Suspected of Spreading Super-Resistant Malware
February 17, 2015
Kaspersky Lab on Tuesday announced the discovery of what may be the most sophisticated malware ever. The malware's creators, whom Kaspersky has dubbed "The Equation Group," use a never-seen-before tactic to infect hard drives' firmware. The technique "makes traditional antivirus and antimalware software practically useless," said Protegrity VP of Products Yigal Rozenberg.
Bug Bounties Entice Researchers to Don White Hats
February 10, 2015
Bug bounty programs are used by individual software makers to improve the quality of their products, but they can have incidental benefits for all software makers, too. One of those is to encourage bug hunters to wear a white hat instead of a black one. When you make it easy for hackers to do the right thing, the majority will," noted Alex Rice, CTO of HackerOne.
Infected Android Apps From Google Play Affect Millions
February 4, 2015
The malware harbors fake ads that pop up when users unlock their devices, to warn them about nonexistent infections, or that their devices are out of date or have porn. Victims are then asked to take action. If they agree, they are redirected to poisoned Web pages that contain a variety of hazards. Google spokesperson Elizabeth Markman did not confirm how many devices had been hit.

See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS
Does technology create more jobs than it destroys?
Yes - The jobs new technologies create outnumber those lost due to machines replacing humans.
No- Companies fixated on cost-cutting are building workforces of robots and computers instead of people.