Four E-Commerce Tips for Retailers on How to Help Prevent Shopping Cart Abandonment
Welcome Guest | Sign In
TechNewsWorld.com
Apple Speeds iOS Patch to Bring Down Pegasus
August 26, 2016
Apple on Thursday issued a patch that addresses three recently discovered critical iOS zero-day vulnerabilities, and advised users to update their systems immediately. State-sponsored actors exploited the flaws to target United Arab Emirates human rights defender Ahmed Mansoor, and a Mexican journalist who reported on government corruption. Researchers have dubbed the flaws "Trident."
Super-Sophisticated Spyware Spotted After 5-Year Run
August 16, 2016
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated APT that had eluded security researchers for at least five years. A previously unknown group called "Strider" has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings.
Russia Plays the Cybervictim Card
August 11, 2016
Russia's FSB recently reported that it found a cyberspying virus in the computer networks of more than 20 state authorities and defense contractors. The claim that malware has infected various government and defense companies came in the midst of a flurry of accusations that Russia has engaged in cyberattacks against U.S. targets in an effort to impact the presidential election.
900 Million Androids Could Be Easy Prey for QuadRooter Exploits
August 9, 2016
Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers disclosed. The vulnerabilities, which the researchers dubbed "QuadRooter," affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers. The drivers, which control communications between chipset components, are incorporated into Android builds.
Old Tech Can Create New Security Woes
August 3, 2016
"Patch your systems in a timely manner" is a mantra of security experts, but what happens when the patch well runs dry because a product's maker no longer supports it? That is a situation facing many large enterprises, and it's one that poses security risks. Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date.
Public-Private Team Leads Assault on Ransomware
July 28, 2016
Ransomware has become a scourge on the Internet -- but two information security companies, along with a pair of law enforcement agencies, this week launched an initiative to do something about it. No More Ransom is the centerpiece of a collaborative effort involving Kapersky Lab, Intel Security, the Dutch National Police and Europol. The new portal aims to educate the public about ransomware.
Civil Rights Office Issues Ransomware Guidance
July 22, 2016
Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week. Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported. Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers.
The Internet of Medical Things, Part 3: Safety First
July 20, 2016
Though quick to capitalize on connected health devices and the coming Internet of Medical Things, hardware manufacturers may be moving too slowly when it comes to building the necessary protections into the back end. The National Security Agency last month told participants in a defense technology summit in Washington that it was looking into hacking connected medical devices.
Mobile Ransomware Has Mushroomed: Report
July 8, 2016
The number of mobile ransomware victims across the globe has increased fourfold compared to a year ago, suggests a Kaspersky Lab report. Kaspersky software protected 136,532 users targeted by ransomware from April 2015 to March 2016 -- up from 35,413. "The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend," the report notes.
HummingBad Mucks Up Android's Works
July 6, 2016
More than 85 million Android devices worldwide have been taken over by the Yingmob, a group of China-based cybercriminals who created the HummingBad malware, according to Check Point. HummingBad establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps. HummingBad reportedly has been generating revenue of $300,000 a month.
Crime Pays: Ransomware Bosses Make $90K Annually
June 14, 2016
If crime doesn't pay, Russian ransomware bosses wouldn't know it. The average Russian ransomware boss makes $90,000 a year -- or 13 times the average income for citizens in the country who stick to the "straight and narrow," according to a recent Flashpoint study. What does a ransomware honcho do for those rubles? Basically, the job calls for supporting and maintaining the malware.
Twitter Users Snared in Dark Web's Brisk Password Trade
June 10, 2016
Data stolen from more than 32 million Twitter users has been offered for sale on the dark web for 10 bitcoin, or around $5,800, LeakedSource reported Wednesday. LeakedSource has added the account and email information to its searchable repository of compromised credentials. The data set came from someone who has been connected to other large collections of compromised data.
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Gang Surrenders Key to TeslaCrypt Ransomware Kingdom
May 20, 2016
Eset on Wednesday announced that it has fashioned a free tool that victims of all variants of the TeslaCrypt ransomware can use to unlock affected files. After the criminal gang behind TeslaCrypt recently abandoned support of the malicious software, an Eset analyst contacted the group anonymously, using the channel offered to ransomware victims, and asked for the universal master decryption key.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
Reddit Tech Forum May Ban Sites That Circumvent Ad Blockers
May 11, 2016
A forum on Reddit, /r/ Technology, on Monday announced it was considering blocking links to websites that require visitors to turn off their ad blockers before viewing content on the site. "It has come to our attention that many websites such as Forbes and Wired are now requiring users to disable ad blockers to view content," said creq, the moderator of the site. "We see this as a security risk."
Feds to Take a Hard Look at Mobile Device Patch Practices
May 11, 2016
The U.S. Federal Trade Commission and the Federal Communications Commission on Monday announced a joint investigation into the issue of mobile device security updates. The FTC issued an order requiring Apple, BlackBerry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility and Samsung Electronics America to provide information about how they issue security updates.
ISIS Cyberthreat: Puny but Gaining Power
May 5, 2016
The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long. That was the conclusion of a 25-page report released last week by Flashpoint. The report, "Hacking for ISIS: The Emergent Cyber Threat Landscape," found that the Islamic State's "overall capabilities are neither advanced nor do they demonstrate sophisticated targeting."
Researchers Hijack Samsung's SmartThings IoT System
May 4, 2016
Researchers at the University of Michigan on Monday announced they had uncovered a series of vulnerabilities in the Samsung SmartThings home automation system that essentially could have allowed hackers to take control of various functions and break into a user's home. The researchers, working with Microsoft, were able to perform four proof-of-concept attacks.
Supreme Court Grants Federal Agents Broader Surveillance Authority
May 3, 2016
The U.S. Supreme Court has approved a series of amendments to the federal rules of criminal procedure that would let judges issue search warrants for computers located outside their jurisdiction. Chief Justice John Roberts announced the changes in the Court's interpretation of the rules. They would allow a judge to issue warrants to search for electronic evidence at remote sites, for example.
New Attack Technique Hides Spread of RATs in Asia
April 27, 2016
SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn't touch the victim's computer disk in an unencrypted state. Attackers remain hidden from antivirus and next-generation technologies that focus only on file-based threats.
Windows Users Warned to Dump QuickTime Pronto
April 16, 2016
The U.S. Department of Homeland Security on Thursday issued a warning to remove Apple's QuickTime for Windows. The alert came in response to Trend Micro's report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows. Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned.
Adobe Issues Emergency Patch to Head Off Flash Ransomware Attacks
April 11, 2016
Adobe last week issued an emergency security patch to fix a vulnerability in Flash that could leave users vulnerable to a ransomware attack. The vulnerability exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux and Chrome operating systems. It can cause a crash and leave the computer vulnerable to attackers, the company said.
DC Healthcare Provider Limps On After Malware Attack
April 1, 2016
Despite its computer systems being infected with malware since Monday, MedStar Health, which operates 10 hospitals and more than 250 outpatient facilities in and around Washington, D.C., has continued to provide patient care at near normal levels, according to several updates released this week. Since the malware attack occurred, MedStar Health has treated an average of 3,380 patients a day.
Ransomware's Aftermath Can Be More Costly Than Ransom
March 24, 2016
Downtime caused by a ransomware attack can cost a company more than paying a ransom to recover data encrypted by the malware, according to a report released last week by Intermedia. Nearly three-quarters (72 percent) of companies infected with ransomware could not access their data for at least two days because of the incident, and 32 percent couldn't access their data for five days or more.
Malware Exploits Apple DRM to Infect iPhones
March 19, 2016
Security researchers at Palo Alto Networks Unit 42 on Wednesday announced they had discovered in the wild a method of infecting nonjailbroken iPhones with malware by exploiting design flaws in Apple's digital rights management technology. The flaw has been exploited since 2013 largely as a means to pirate iOS software, but this is the first time it's been used to infect iPhones with malware.
Apple Ransomware Reveals Cert Problem
March 17, 2016
Researchers last week discovered the first ransomware in the wild aimed at Apple's hardware platform. While the threat was subdued quickly, it exposed the weakness of digital certificates in authenticating software to devices. The ransomware appeared as a legitimate application because it contained a digital certificate stolen from a bona fide Mac developer in Turkey.
Ransomware Plague Spreads to Macs
March 8, 2016
Researchers at Palo Alto Networks last week announced that they had found the first ransomware in the wild aimed at Macintosh computers, but Apple and one of its developers quickly neutered it. The ransomware -- a malware program that scrambles data on a computer and won't unscramble it unless a ransom is paid -- was embedded in software for installing an OS X app for sharing files on BitTorrent.
Malvertisers Use Digital Fingerprints to Avoid Detection
March 4, 2016
In the world of computer security, fingerprints are found in more places than where the tips of hands touch. That's because the term is applied to any data set that can be used to make a unique identification. Antifraud programs online retailers use can identify customers by the structure of the files on their computers. In fact, the technique works so well, malicious actors use it.
Operation Blockbuster Brings the Fight to Sony Hackers
February 25, 2016
Operation Blockbuster, a coalition of security companies led by Novetta, on Wednesday published a report detailing the activities of the Lazarus Group, the organization responsible for the 2014 cyberattack against Sony Pictures Entertainment. Researchers last week published detection signatures to the companies' respective software in the hope of disrupting the group's activities.
See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS
Is fake news a major problem?
Yes -- people don't know which news to trust.
No -- it's very easy to spot.
Yes -- it's propaganda warfare, and the U.S. is losing.
No -- people have always believed what suited them.
Yes -- but only temporarily, as people are catching on.
No -- much of it actually isn't fake.