Feed aggregator

Stealthy BaneChant Trojan Lurks in Word File, Relies on Multiple Mouse Clicks

Threatpost for B2B - Tue, 04/02/2013 - 14:12

Much like malware that was discovered last year, a new Trojan has been reported that relies on detecting mouse clicks to evade sandbox analysis. BaneChant masquerades as a Word document and incorporates advanced evasion techniques making it stealthier than its predecessor.

Malware Arsenal Targets Tibetan Activists

Threatpost for B2B - Tue, 04/02/2013 - 14:05

Tibetan activists in China as well as those living in exile around the world are being targeted by dangerous malware that not only steals data from infected computers, but also has graduated to reporting location data from mobile devices for surveillance purposes.

DoD Inspector General Calls Out Army CIO For Poor Mobile Device Security

Threatpost for B2B - Tue, 04/02/2013 - 10:35

The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took the Army CIO to task in a new report, saying that the CIO "did not implement an effective cybersecurity program for [commercial mobile devices]".

Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks

Threatpost for B2B - Mon, 04/01/2013 - 13:44

A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week.

Telephony Denial-of-Service Attacks Prompt Federal Attention

Threatpost for B2B - Mon, 04/01/2013 - 13:36

The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), has targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in a confidential alert memo, Krebs on Security reported.

Google Privacy Director Alma Whitten Leaving

Threatpost for B2B - Mon, 04/01/2013 - 12:52

Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy with regard to user privacy. Whitten has been the company's top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of serious privacy scandals and controversies.

Using Customer Premise Equipment to Take Over the Internet

Threatpost for B2B - Mon, 04/01/2013 - 08:18

It’s the ultimate what-if scenario: What if an attacker could own all the customer premises equipment (CPE) doled out by ISPs, such as routers and modems? Would it be trivial with available scanning equipment and other tools to find vulnerable gear, and then modify and re-upload the firmware to be able to do anything, such as control Web traffic, launch DDoS attacks, or even disconnect large blocks of machines from the Internet?

Blog: The Biggest DDoS Ever that "Almost Broke the Internet"?

Secure List feed for B2B - Sat, 03/30/2013 - 00:25

"If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why."

Phishing Campaign Using Military, Illicit Attachments

Threatpost for B2B - Fri, 03/29/2013 - 11:44

Look out for email attachments offering better sex tips and news about newly developed Chinese stealth frigates, because they are loaded with malware, according to a Securelist report written by Kaspersky Lab expert, Ben Godwood.

Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware

Threatpost for B2B - Fri, 03/29/2013 - 10:05

Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page.

Blog: Military Hardware and Men’s Health

Secure List feed for B2B - Fri, 03/29/2013 - 08:40

Over the last few months we have seen a series of very similar targeted attacks being blocked in our Linux Mail Security Product.

Spammers Finding Favor with Google Translate

Threatpost for B2B - Thu, 03/28/2013 - 15:48

Some spammers, looking to launder the dirty links they email you, are relying on the positive reputation of Google Translate to redirect victims to rogue websites. Researchers at Barracuda Labs who maintain the company’s spam honeypots have spotted a rash of illicit messages trying to beat reputation filters by using this tactic.

Cybercriminals Use Evernote as C&C

Threatpost for B2B - Thu, 03/28/2013 - 15:43

At least one group of cybercriminals has taken to Evernote, the popular cloud-based note-taking and data-sharing service, as a base of operations for a data-stealing Trojan, according to TrendMicro threat response engineer Nikko Tamana.

Open DNS Resolvers Center Stage in Massive DDoS Attacks

Threatpost for B2B - Thu, 03/28/2013 - 13:39

For some perspective on what 300 Gbps of traffic represents, let’s just pretend that your company, as a potential customer, put this massive volume of bits and bytes in front of 20 of the leading Internet service providers. Chances are, all but three or four will tell you “Thanks, but no thanks, we can’t handle your business.”

How I Got Here: Chris Wysopal

Threatpost for B2B - Thu, 03/28/2013 - 11:38

Dennis Fisher talks with Chris Wysopal of Veracode about his journey from a teenage BBS user to member of the L0pht to respected security researcher. Known as Weld Pond since his days at the L0pht, Chris also discussed his time at @stake and how the L0pht's road trip to DC to testify before Congress almost went very wrong.

Cisco Fixes Seven Critical Security Bugs

Threatpost for B2B - Thu, 03/28/2013 - 11:32

Cisco Systems issued seven security updates yesterday, all of which patched vulnerabilities in the networking giant’s internetwork operating system (IOS), the software it deploys on the majority of its routers and network switches.

Critical Flaw Threatens Millions of BIND Servers

Threatpost for B2B - Thu, 03/28/2013 - 09:58

There is a critical vulnerability in several current versions of the BIND nameserver software that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines. The bug is present in several versions of the ubiquitous BIND software and the maintainers of the application have released a patch for it that they recommend users install as soon as possible.

Spamhaus DDoS Attacks Triple Size of Attacks on US Banks

Threatpost for B2B - Wed, 03/27/2013 - 16:08

So you thought the 100 Gbps distributed denial-of-service attacks against U.S. banks were big? Ongoing attacks against Spamhaus have three times the fury and have affected unrelated online services as collateral damage.

British Security Agency Found Sending Passwords in Plain Text

Threatpost for B2B - Wed, 03/27/2013 - 14:30

The Government Communications Headquarters (GCHQ), one of Britain’s top intelligence agencies, has admitted it sometimes emails passwords in plain text to those who apply for jobs on its site.

It was revealed in the last week that those who apply for jobs through the GCHQ’s recruitment portal are emailed their password in plain text after filling out the forgotten password feature on the site.

Sensitive Enterprise Data Exposed in Amazon S3 Public Buckets

Threatpost for B2B - Wed, 03/27/2013 - 12:17

UPDATE - With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they’re making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in.
