Malware & Vulnerabilities

Malware & vulnerabilities news, trends, analysis and practical advice

eyes 492914 1920
office of personnel management

cybercrime

Cybercriminals adopt just-patched zero-day Flash exploit

It only took four days for a recently patched vulnerability in Flash Player to show up in large-scale attacks.

encryption

Software developers aren't implementing encryption correctly

Despite a big push to use encryption to fight security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures.

Trojan that hides inside images infects healthcare organizations

A computer Trojan that hides its malicious code inside PNG image files counts healthcare organizations in the U.S. among its primary targets.

security risk thinkstock keyboard

Samsung cripples Windows Update on its PCs, putting customers at risk

Samsung has been disabling Microsoft's Windows Update on its desktops and notebooks, leaving customers vulnerable to malware that targets already-patched vulnerabilities.

cybercrime

Man sentenced for powerful Blackshades malware

The creator of a tool that was used to steal data from a half-million computers will go to prison for close to five years, the U.S. Department of Justice said.

Sapphire Now 2015

SAP Hana users warned of security vulnerability

A security researcher is warning of a potentially serious vulnerability in the in-memory platform SAP Hana.

samsung swiftkey vulnerability

Huge Samsung Galaxy security flaw (updated with Samsung statement)

Ryan Welton warns of man-in-the-middle hacks. 600 million Samsung Galaxy phones are vulnerable to a nasty bug in the keyboard, thanks to a custom SwiftKey build. And the only patch can come from wireless carriers: This is massive...

Many software apps insecure by design due to buggy components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.

data breach

Online password locker LastPass hacked

LastPass users will need to change their master passwords after the online password locker firm reported that its network was breached on Friday.

data breach map intro

U.S. now fears second major breach exposed more employee data

A second major data breach that might reveal far more personal and damaging information on U.S. government workers appears to have hit the Office of Personnel Management.

Unlocked circuit board / security threat

Hacked data on millions of US gov't workers was unencrypted

A union representing U.S. government workers says detailed personal information on millions of federal employees that was stolen by hackers was not encrypted.

eugene kaspersky

Duqu 2.0 hackers may have cracked Kaspersky to recon research

Eugene Kaspersky, the Russian whose namesake company acknowledged that it had been infected with top-tier malware, struggled during a press conference to come up with reasons why the hackers targeted his firm.

Duqu 2.0 Kaspersky

Hackers PWNED Kaspersky Lab servers for months -- Duqu 2.0 blamed on Israel

In Kaspersky's Russia, phisher spear YOU: Duqu 2.0 infection causes panic. But did Israel do it? Signs point to "yes."

EZ tech support office

'Your PC may be infected!' (The shady world of antivirus telemarketing)

Consumer antivirus software has become a highly competitive business that's drawn all types of players, some of whom specialize more in marketing than security.

band-aid patch bandage

VMware patches virtual machine escape flaw on Windows

VMware has released security updates for several of its virtualization products to address critical flaws that could allow attackers to break out of virtual machines and execute rogue code on the host operating systems.

cybercrime

Duqu cyberespionage group compromised venues hosting Iran nuke talks

A state-sponsored espionage group that uses a malware platform called Duqu has compromised the computer networks of several hotels and venues that hosted negotiations over Iran's nuclear program.

patch ie

Microsoft fixes buggy browser in Patch Tuesday update

Internet Explorer got two dozen fixes in June's Patch Tuesday update, including 20 that cover critical vulnerabilities.

U.S. Army website defaced, and brought down

The U.S. Army's website was defaced and later brought down Monday, with the Syrian Electronic Army claiming responsibility.

Load More