Feed aggregator

SAN JUAN, Puerto Rico – The world of SCADA and industrial control system vulnerabilities is starting to mirror that of IT security, not only in the demonstration and exploitation of zero-day vulnerabilities, but in the brokering of flaws and exploits between hackers and organizations interested in buying research.

read more

Chris Soghoian of the ACLU discusses the looming crisis of mobile security caused by the failure of mobile carriers to push Android updates to users at the Kaspersky Lab Security Analyst Summit Monday.

read more

Google Chrome users, among others, couldn't access some of the most popular Web sites Monday after an advertising network's corporate Web site was injected with malware. But, according to the ad company's chief executive, those sites were safe.

read more

Hoping to ramp up privacy on mobile devices such as smartphones and tablets, the Federal Trade Commission (FTC) has released a series of suggestions to help app developers, advertising networks and device companies better protect their users online.

read more

Hackers targeted and compromised computer networks at United States Department of Energy headquarters in Washington DC two weeks ago, according to a report published by the Washington Free Beacon earlier this morning.

read more

SAN JUAN, Puerto Rico – It’s the vulnerability that never was. Or was it?

read more

SAN JUAN, Puerto Rico -- Activist Chris Soghoian, whom in the past has targeted zero-day brokers with his work, has turned his attention toward wireless carriers and their reluctance to provide regular device updates to Android mobile devices.

read more

SAN JUAN, PUERTO RICO--The attack that resulted in the compromise of RSA's SecurID database in 2011 had a lot of ramifications and sent shockwaves through much of the security industry. But it could have had much broader consequences had the security team at Lockheed Martin not discovered the same attack team on its own network and taken actions to shut them down.

read more

Following in the wake of the vOlk (Mexico) and S.A.P.Z. (Peru) botnets comes PiceBOT, a newbie to the Latin American cybercrime scene. The cost on the black market is currently around $140.

Banking malware has primarily been just that, an attack tool used against financial institutions to steal money from online bank accounts. But what if cybercrime gangs decided to flip that on its head, and use malware such as the Citadel banking Trojan to steal credentials from not only banks, but government agencies and commercial businesses?

read more

Some systems running older versions of Juniper Networks’ Junos OS software could be vulnerable to a transmission control protocol (TCP) flaw that can enable a hacker to crash and reboot certain routers.

read more

Of all the problems that entrepreneur Kim Dotcom has faced in the last decade, including several arrests, insider trading charges and even a raid on his New Zealand home involving black helicopters and dozens of agents in body armor, the criticism of the cryptography employed by his new Mega cloud-storage service would seem to be fairly low on the list. However, Dotcom is taking that criticism rather personally, if the €10,000 reward he's offering to anyone who can break the service's crypto is any indication.

read more

Users of inexpensive Android smartphones typically look for ways to accelerate their devices, for example, by freeing up memory. Demand for software that makes smartphones work a little faster creates supply, some of which happens to be malicious. In addition to legitimate applications, apps that only pretend to clean up the system have appeared on Google Play.

Vulnerable programs are among the most commonplace ways to attack victims and steal personal data.

Researchers at Australia-based BitDefender say they've found how some Yahoo Mail accounts are being hijacked, and it leads back to "buggy" blog software Yahoo's developers used.

read more

The Chinese group behind the targeted attack on the New York Times was laser focused on accessing the email of a reporter and the newspaper’s former Beijing bureau chief to the point that it used an inordinate number of custom malware samples to get the job done.

“In terms of statistics, 45 [custom malware samples] as a ratio to the number of computers involved, 53, is a high ratio,” said Richard Bejtlich, chief security officer of Mandiant, the forensics firm hired by the Times to investigate the targeted attack. “Usually, you’ll see one or two for the relatively small number of systems involved.”

read more

There aren't many things that count as surprises anymore in the security industry. And the news today that The New York Times was penetrated by a team of Chinese attackers who apparently had access to large amounts of employee emails for several months certainly doesn't fall into that category. It would be news if these attackers weren't targeting The Times and other large media companies. What's interesting and novel is that the company decided to out itself as a victim, signing up for what may be a large dose of public scorn and derisive laughter.

read more

While Android malware continues to grow faster than other malware types, it still accounts for only a minute fraction of all malware on the Web, according to Cisco’s annual security report released this week.

Compromised websites hosting malicious Java and iFrame attacks and other malware far and away outpaces all other delivery vectors for malware, Cisco’s report said.

read more

A buffer overflow could occur in VideoLAN's VLC cross-platform multimedia player when attempting to parse a specially crafted advanced systems format (ASF) movie, a researcher reported.

read more

NEW YORK--The long list of high-profile cyberespionage and cybercrime attacks that have surfaced in the last couple of years has led to broad discussions in the security community, government circles and elsewhere about the scope of the problem. Those discussions now are just starting to reach into the boardroom, and security experts say that any CEO who isn't concerned about this problem is living in the past.

read more