Feed aggregator

Evernote, the online service that enables users to store and sync all kinds of data across multiple devices, has become the latest major Web property to suffer a serious intrusion. The company said on Saturday that attackers had compromised some user information, including email addresses and hashed passwords. 

read more

With Dennis Fisher out of pocket at the RSA Conference in San Francisco, Ryan Naraine hijacks the Digital Underground podcast and gets on the phone with Kaspersky Lab research guru Costin Raiu to talk about the intricacies of the miniDuke malware campaign.

You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.

read more

It appears the breach of cloud-based storage service Dropbox last year has spurned another wave of spam over the last week or so. Users began posting complaints on the service’s Bugs and Troubleshooting forum yesterday claiming that their Dropbox-specific accounts started receiving spam again last weekend.

read more

After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found yet another zero-day vulnerability in Oracle’s thoroughly troubled Java platform.

read more

On Thursday the Chinese government, long considered the aggressor in highly publicized U.S. cyberattacks, publicly spoke about being the victim. Two of its military Web sites were attacked an average of 144,000 per month and two-thirds of those strikes came from the United States, according to a ministry spokesman.

read more

The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations.

read more

The fifth part of our regular overview of mobile malware evolution was published one year ago, and now it’s time to review the events of 2012 to see just how accurate our forecasts were

SAN FRANCISCO – People who interact with online services have mounting privacy expectations that run in parallel with their need for a full experience with the functionality central to those services. But can users have their privacy cake and eat it too?

read more

SAN FRANCISCO--The discipline of software security has been gaining traction in a lot of organizations both large and small in recent years, thanks in part to the success that vendors such as Microsoft, Adobe and others have had with it. However, for many companies, the time and money spent on software security initiatives could be put to better use simply fixing flaws after products ship or are deployed, an expert said during a constructed debate.

read more

A series of targeted attacks are continuing to bully a signed Nvidia application into dropping a backdoor that lets attackers root their way through the systems of Tibetan sympathizers.

read more

New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.

read more

New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as "MiniDuke".

Researchers on Tuesday said they have proof the Stuxnet worm used to cripple Iran's nuclear program has been in the wild two years longer than first believed. There's also now evidence the military-grade malware's origins date back to 2005, and possibly earlier.

read more

SAN FRANCISCO – Down goes Kelihos—again.

The third version of the prolific peer-to-peer botnet responsible for volumes of pharmaceutical spam, Bitcoin wallet theft and credential harvesting was shut down before a live audience today at RSA Conference 2013.

read more

Adobe released yet another security update for its Flash Player product, it’s third this month, earlier today. The emergency update patches three vulnerabilities, including two critical (CVE-2013-0643 and CVE-2013-0648) that are targeting Flash Player in Mozilla’s Firefox browser and could let an attacker crash and compromise affected systems.

read more

SAN FRANCISCO--In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a "post-cryptography" world.

read more

Website hosting provider cPanel is calling on some users to change their passwords after it informed them on Friday that hackers compromised one of its technical support department’s servers. The hosting provider does not know for certain the extent of the hack or what, if any, information was stolen during the compromise.

read more

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw essentially mimicked the functionality of an authentic Facebook application without actually installing an application to their profile.

read more