OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
TechNewsWorld.com
CyberSource Peak Season Fraud Management Guide
Banking Trojan Targets Petrochemical Outfits
September 23, 2014
The pernicious program Citadel has been around for awhile, but it's using some new tricks on new targets. From its humble origins as a "man in the browser" thief of banking credentials, Citadel has become a knave of all trades. Once it lands on a computer, it can be configured in a number of ways with a file from a server operated by Web predators.
Phishing Scam Ensnares eBay Shoppers
September 23, 2014
Attackers for months have been using eBay listings to redirect visitors to password-harvesting scam sites. They use cross-site scripting to hijack shoppers and trick them into handing over personal data. Smartphones, televisions, hot tubs and clothing are among the items supposedly for sale in listings infected with malicious Javascript code. eBay reportedly has been slow to address the issue.
Home Depot Gives 56 Million Customers a Heads Up
September 19, 2014
Home Depot on Thursday said it had excised the malware demon from its computerized payment system after its recent discovery of a security breach in which thieves stole records of 56 million credit cards. Home Depot stopped short of admitting that an ongoing security upgrade may have contributed to the breach. Efforts to harden the system with enhanced encryption are under way.
Web-Surfing Adults More Infection-Prone Than Teens
September 16, 2014
American teens spend a lot more time online than older Web surfers, yet it doesn't seem to increase their vulnerability to malicious activity. Teens last year spent a little more than four hours a day on the Net, while adults in the 50-to-64 age bracket burned two hours, 41 minutes online daily, MarketingCharts found. Those numbers piqued the interest of Enigma Software.
XSS Flaw Burns a Hole in Kindle Security
September 16, 2014
Security consultant Benjamin Mussler last week warned that the Kindle e-book library had a cross-site scripting vulnerability. It appears Amazon previously had fixed the XSS flaw but two months ago reintroduced it in a new version of the "Manage Your Kindle" Web application, according to Mussler. People who download pirated e-books are at greatest risk, he said.
Salesforce Issues Dyre Warning
September 10, 2014
Salesforce.com this week notified its customers that the Dyre malware, which typically targets customers of large financial institutions, might have been tweaked to target some Salesforce users as well. There was no evidence that any Salesforce customers had been impacted, the company said, but if any customer should be affected, it would provide guidance.
Botnet Twists the Knife in iCloud Security
September 10, 2014
Hot on the heels of hackers stealing celebrities' nude photos from their iCloud accounts and posting them on the Web comes news that iCloud users are being targeted again. The Kelihos botnet is sending emails purporting to be from Apple, informing targets they have purchased a film through their iTunes account using a PC or other device not previously linked to their Apple ID.
Home Depot All But Confirms Doozy of a Data Breach
September 03, 2014
Home Depot may have experienced a massive security breach -- possibly on a greater scale than last year's Target breach, which affected an estimated 110 million people. Home Depot said it was investigating the possibility, following security researcher Brian Krebs' Tuesday alert. It appears the perpetrators are the same hackers responsible for the data breaches at Target and elsewhere.
Admins Grapple With Shadow Tech
September 03, 2014
If you want to see an IT pro twitch, bring up Shadow IT in a conversation. "Shadow IT" is a term applied to technology deployed by an organization's users outside the purview of the IT department. It's bothersome to system shepherds because it can open up an organization to data leakages. It's also growing. Many Shadow IT programs run in the cloud, but all clouds are not created equal.
Hacker Attacks on Healthcare Providers Jump 600 Percent
August 28, 2014
The recent data breach at Community Health Systems, in which Chinese hackers stole the personal information of 4.3 million patients, was another sign of a disturbing trend: Healthcare providers are coming under cyberattack at an alarming rate. "We've seen a 600 percent increase in attacks on the healthcare sector in the last 10 months," said Carl Leonard, senior manager at Websense Security Labs.
Sony DDoS Attack May Have Been Smokescreen
August 25, 2014
Sony's PlayStation and Sony Entertainment networks were taken down over the weekend by a distributed denial of service attack. The hackers, who call themselves the "Lizard Squad," also forced authorities to divert a plane Sony Entertainment president was on by tweeting that there might be a bomb on board. A hacker with the handle "FamedGod" later claimed responsibility for the DDoS attack.
Is Open Source an Open Invitation to Hack Webmail Encryption?
August 21, 2014
In a move influenced by Edward Snowden's revelations about the NSA's email snooping, Yahoo and Google last week announced that they were cooperating on end-to-end encrypting their webmail products. While the open source approach has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles.
Mobile App Attacks: No Malware, No Problem
August 19, 2014
Traditional attack methods, like those used with the recent mobile online banking Trojan Svpeng, involve the installation of malware on the device to steal information and commit fraud. However, new techniques are emerging that would enable an attacker to compromise a device and steal private information from the owner -- for example, the typical copycat app on a third-party app store.
Retailers Harassed by Backoff Malware
August 05, 2014
The U.S. Department of Homeland Security last week sounded an alarm warning retailers of a family of malicious programs aimed at compromising point-of-sale systems. Attackers used such software last year in massive data breaches that nicked millions of consumer records at Target and Nieman Marcus. Variants of the Backoff family have turned up in at least three forensic investigations.
That Innocent Little Thumb Drive Could Be Big Security Trouble
August 01, 2014
USB flash drives could be at risk of a pernicious attack on their firmware. Over the past two decades, USB devices, aka "thumb drives," have proliferated all over the world, because USB has proven to be a versatile standard. That versatility, though, also makes USB devices vulnerable to what could be a very nasty firmware attack, noted Karsten Nohl and Jakob Lell of Secure Research Labs.
Android's Fake ID Could Put Millions in Jeopardy
July 30, 2014
An Android vulnerability that exists in every version from v2.1 Eclair to v. 4.3 Jelly Bean could expose millions of users, Bluebox Security has warned. The flaw lets attackers fake the certificates of specially privileged parties, such as Adobe and Google Wallet, and serve them up with malware that bypasses detection by Android. Attackers then can take over every app running on an Android device.
Gameover Zombies on the March Again
July 17, 2014
The Gameover botnet is back, more or less, only six weeks or so after the Justice Department announced that an FBI-led multinational effort had disrupted it. Still, the botnet's downtime was longer than expected -- the UK's National Crime Agency had warned that the people running it would regain control within two weeks. Sophos this week spotted a new version of the malware.
Windows XP Hacked, Supply Chain Poisoned
July 16, 2014
A supply chain compromise is a security pro's worst nightmare. The thought of malware being planted on computer devices before they leave the factory sends shivers down a cyberdefender's spine. A disturbing case of such poisoning was reported last week by researchers at TrapX. The researchers found an APT was being used to infect a version of Windows XP embedded on devices.
Google's Project Zero Cybersecurity Watch: No Excuses
July 15, 2014
Google on Tuesday announced Project Zero, an effort to speed up the security bug-fixing process. A team of cybersecurity experts will go after vulnerabilities in any and all software, notify the vendors, and then file bug reports in a public database so users can track the issuance of patches. The Project Zero team has promised to send bug reports to vendors in as close to real-time as possible.
What's Eating Internet Security?
July 15, 2014
It's a given that hackers can and do penetrate websites with laughable ease, ranging from those of retailers to those of the United States government. It certainly doesn't help the security-minded to know that the U.S. National Security Agency and other countries' spy agencies, including the UK's GCHQ and the West German intelligence agency, are tapping into online communications at will.
Critical Infrastructure Companies Lack Cyberdefenses
July 11, 2014
Companies providing the world's critical infrastructure are woefully unprepared for cyberattacks despite the increasing threat level, evidenced by the release of the Stuxnet worm and the Shamoon virus in recent years, found a survey conducted by the Ponemon Institute and Unisys. Nearly 70 percent of the 599 surveyed companies in the past 12 months have reported at least one security breach.
Report: Malware Poisons One-Third of World's Computers
July 09, 2014
Nearly one-third of the world's computers could be infected with malware, suggests a report released last week by the Anti-Phishing Working Group. Malicious apps invaded 32.77 percent of the world's computers, a more than 4 percent jump from the previous quarter's 28.39 percent, it estimates. The increase in infected computers has come hand-in-hand with a jump in the appearance of malware samples.
Dragonfly Swoops Down on Energy Firms
July 01, 2014
The energy industry in the United States and Europe is being targeted by a cybercriminal gang that's suspected of being state-sponsored and has links to Russia. Known variously as "Dragonfly" and "Energetic Bear," the group has been operating at least since 2011. Its focus appears to be espionage and persistent access, with a side dish of sabotage as required, Symantec said.
To Pay or Not to Pay - That's the Ransomware Question
June 24, 2014
Ransomware is a growing problem for consumers and businesses alike. In Symantec's most recent quarterly security report, the company's researchers found all targeted attacks -- including ransomware -- grew 91 percent year-over-year. That's raising a big question for those targeted by cyberextortionists: Should the ransom be paid? Security experts generally say no, but some insert a caveat or two.

See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS