Much like malware that was discovered last year, a new Trojan has been reported that relies on detecting mouse clicks to evade sandbox analysis. BaneChant masquerades as a Word document and incorporates advanced evasion techniques making it stealthier than its predecessor.
Tibetan activists in China as well as those living in exile around the world are being targeted by dangerous malware that not only steals data from infected computers, but also has graduated to reporting location data from mobile devices for surveillance purposes.
The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took the Army CIO to task in a new report, saying that the CIO "did not implement an effective cybersecurity program for [commercial mobile devices]".
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week.
The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.
Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company's top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of serious privacy scandals and controversies.
It’s the ultimate what-if scenario: What if an attacker could own all the customer premises equipment (CPE) doled out by ISPs such as routers and modems? Would it be trivial with available scanning equipment and other tools to find vulnerable gear, and then modify and re-upload the firmware to be able do anything such as control Web traffic, launch DDoS attacks, or even disconnect large blocks of machines from the Internet?
Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser’s home page and redirect a Web session to an attacker’s page.
Some spammers, looking to launder the dirty links they email you, are relying on the positive reputation of Google Translate to redirect victims to rogue websites. Researchers at Barracuda Labs who maintain the company’s spam honeypots have spotted a rash of illicit messages trying to beat reputation filters by using this tactic.
At least one group of cybercriminals has taken to Evernote, the popular cloud-based note-taking and data-sharing service, as a base of operations for a data stealing Trojan, according to TrendMicro threat response engineer Nikko Tamana.
For some perspective on what 300 Gbps of traffic represents, let’s just pretend that your company, as a potential customer, put this massive volume of bits and bytes in front of 20 of the leading Internet service providers. Chances are, all but three or four will tell you “Thanks, but no thanks, we can’t handle your business.”
Dennis Fisher talks with Chris Wysopal of Veracode about his journey from a teenage BBS user to member of the L0pht to respected security researcher. Known as Weld Pond since his days at the L0pht, Chris also discussed his time at @stake and how the L0pht's road trip to DC to testify before Congress almost went very wrong.
You are missing some Flash content that should appear here! Perhaps your browser cannot display it, or maybe it did not initialize correctly.
Cisco Systems issued seven security updates yesterday, all of which patched vulnerabilities in the networking giant’s internetwork operating system (IOS), the software it deploys on the majority of its routers and network switches.
There is a critical vulnerability in several current versions of the BIND nameserver software that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines. The bug is present in several versions of the ubiquitous BIND software and the maintainers of the application have released a patch for it that they recommend users install as soon as possible.
So you thought the 100 Gbps distributed denial-of-service attacks against U.S. banks were big? Ongoing attacks against Spamhaus have three times the fury and have affected unrelated online services as collateral damage.
It was revealed in the last week that those who apply for jobs through the GCHQ’s recruitment portal are emailed their password in plain text after filling out the forgotten password feature on the site.
UPDATE - With companies flocking to cloud services such as Amazon Simple Storage Service (S3) to store and serve static content on the cheap, naturally they’re making simple mistakes in doing so—and naturally, a savvy attacker is able to cash in.