Malware & Vulnerabilities

Malware & vulnerabilities news, trends, analysis and practical advice

Large-scale attack uses browsers to hijack routers

Cybercriminals have devised a Web-based attack tool to hijack routers when users visit compromised websites or view malicious advertisements.

Netgear and ZyXEL confirm NetUSB flaw

ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB.

security alert

Logjam: How to tell if your browser is vulnerable

The just-disclosed Logjam flaw has again sent browser makers and website administrators scrambling to craft and apply patches, a repeat of the March rush to shut down its predecessor, FREAK.

android security danger

Android's default browser is vulnerable to URL spoofing

A flaw in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing them to mount more credible phishing attacks.

computer security stock image

LogJam encryption flaw puts Web surfers at risk

Computer security experts have found a new encryption flaw closely related to one found earlier this year that puts Web surfers' data at risk.

aiming gun

Data held hostage; backups to the rescue

Some ransomware travels quickly from one computer to the entire network. The bad guys are moving fast nowadays.

airplane 620x465

Who’s flying the plane? The latest reason to never ignore security holes

Companies make excuses for not addressing security holes that seem unlikely to be exploited. The problem is that they often do get exploited. Just ask United.

computer bug keyboard

United launches bug bounty, but in-flight systems off limits

United Airlines is offering rewards to researchers for finding flaws in its websites, but the company is excluding bugs related to in-flight systems, which the U.S. government says may be increasingly targeted by hackers.

chrome logo

Google cripples all Chrome add-ons from outside its app store

Google took a final step in its years-long scheme to aggressively lock down Chrome by crippling all add-ons because of abuse of a loophole left in the rules last year.

China-based hackers used Microsoft's TechNet for attacks

Microsoft has moved to stop a China-based hacking group from using its TechNet website as part of its attack infrastructure.

There ARE worse ways to hear from the FBI at 1 AM

It's 1 a.m., and this user is asleep at home when she's awakened by her frantic teenage son at her bedroom door -- and it's about the FBI.


Applying the Irari Rules to a risk-based security program

A few respected critics took issue with what we call the Irari Rules. Here’s why their concerns are off base.

sec vulnerability lock bolt

Critical VM escape flaw could put business data at risk

A critical vulnerability in code used by several virtualization platforms can put business information stored in data centers at risk of compromise.

Microsoft fixes 46 flaws in Windows, IE, Office, other products

Companies should prioritize three security bulletins that are rated critical.

security criminals

Update: Malware-infected home routers used to launch DDoS attacks

Tens of thousands of home routers infected with malware are being used by hackers to launch DDoS attacks.

Russian cybergroup eyes bank attacks

A group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the U.S. and elsewhere.

inverness shire constabulary mountain rescue off road vehicle

Taking our breach response plan for a test-drive

Our manager upgrades his company’s incident response plan and gets ready to test it with all the people who will need to react should a real breach ever hit.


More Lenovo woes: 3 security flaws, website clerical errors, maybe layoffs

Lenovo is again in the news thanks to the security snafus of three security holes in Lenovo System Update service. The company claims there is no defect in its new LaVie Z 360 devices, but blamed confusion about its capabilities on...

mackeeper 2

MacKeeper security program opens critical hole on Macs

A critical vulnerability in MacKeeper, a controversial security program for Macs, could let attackers execute malicious commands when their owners visit specially crafted Web pages.

cisco security malware 625x416

GPU malware could also affect Windows PCs, and maybe Macs

A team of developers who created a Linux rootkit that runs on graphics cards has released a proof-of-concept malware program that does the same on Windows. And a Mac OS X implementation is in the works.

Load More