Malware & Vulnerabilities

Malware & vulnerabilities news, trends, analysis and practical advice

sony pictures water tower

north korea interview

FBI concludes North Korea was 'responsible' for Sony hack

North Korea was responsible for the devastating cyberattack on Sony Pictures, the FBI said Friday.

Here's what we know about North Korea's cyberarmy

The attack on Sony Pictures has put North Korea's cyberwarfare program in the spotlight. Here's what we know about it.

Critical vulnerability in Git clients puts developers at risk

A critical vulnerability in client software used to interact with Git, a distributed revision control system for managing source code repositories, allows attackers to execute rogue commands on computers used by developers.

grinch linux

The 'grinch' isn't a Linux vulnerability, Red Hat says

The "grinch" Linux vulnerability cited by Alert Logic on Tuesday isn't a vulnerability at all, Red Hat says.

Unlocked circuit board / security threat

Vulnerability in embedded Web server exposes millions of routers to hacking

A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet.

Point-of-sale malware creators still in business with Spark

The Spark malware program steals payment card data from compromised point-of-sale (POS) systems and is likely a modification of the older Trojan called Alina.

sony headquarters

Sony cancels 'The Interview' release after threats following cyberattack

Sony Pictures on Wednesday canceled the Christmas Day release of its controversial comedy, "The Interview," after theater chains decided not to play the film following terrorist threats after a cyber attack.

Lawsuit filed against Sony after massive hack

Two former Sony Pictures employees have filed a lawsuit against the company alleging it didn't do enough to protect their personal information and prevent its loss in a massive cyberattack.

cybercrime

Holding masses of data, cybercriminals face hurdles cashing out

How much is hacked data worth? Hackers find it's not always so easy to monetize their ill-gotten goods.

FBI calls Sony hack 'organized' but declines to name source or finger North Korea

The FBI declined to name the source of the Sony Pictures hack during a U.S. Senate hearing Wednesday.

patch ie

Microsoft takes slow, cautious path to protecting IE against POODLE

Microsoft yesterday added an optional anti-POODLE defense to Internet Explorer 11 (IE11), and promised that additional protection would be switched on by default in two months.

alibaba group

Flaw in Alibaba's international e-commerce site put merchants at risk

An Israeli security firm has found a security flaw in Alibaba Group's international marketplace that could have wreaked havoc for the scores of merchants on the site.

Keurig 2.0 oops error message

Keurig 2.0 spoofing vulnerability: Hack bypasses coffee DRM, allows brewing of any pod

An amusing Keurig 2.0 spoofing vulnerability was posted on the Full Disclosure mailing list. A simple hack, using a piece of tape, provides a permanent fix that gets around Keurig 2.0 coffee DRM and instead allows any pod to be brewed...

patch ie

Patch Tuesday updates aim for Exchange and Explorer flaws

Microsoft has rolled out its latest round of "Patch Tuesday" security fixes, with fixes for Internet Explorer and Exchange Server topping the list of programs needing attention by IT administrators.

Microsoft tells Windows 10 users to uninstall Office

Microsoft today took the unusual step of telling users running Windows 10's Technical Preview to uninstall Office before applying one of today's Patch Tuesday updates.

cybercrime

Companies need to trust gov't on cybersecurity, DOJ says

The U.S. fight against cybercrime would be more effective if companies put more trust in the country's law enforcement agencies, a top U.S. Department of Justice official said.

open source linux

Turla espionage operation infects Linux systems with malware

A newly discovered malware program designed to infect Linux systems is tied to a sophisticated cyberespionage operation of Russian origin dubbed Epic Turla.

poodle tls

Now P.O.O.D.L.E. poos on flaw in TLS

F5 and A10 gear is vulnerable: Remember October's flap about the vulnerability in SSL, known as POODLE? Remember all the smug people running servers that only supported TLS? Well, they may not be so smug this morning. In IT Blogwatch,...

Load More