Skip the navigation

Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities

Malware and Vulnerabilities News

Russian gov't is willing to pay for a way to ID Tor users

The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around $111,000, for a method to identify users on the Tor network.
Read more...

Bugcrowd guide aims to smooth the way for reporting software flaws

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Thousands of sites compromised by WordPress plug-in flaw

A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.

Firm says vulnerability in Tails contained in I2P component

A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.

File-encrypting Android ransomware 'Simplocker' targets English-speaking users

A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.

SQL injection flaw opens door for Wall Street Journal database hack

A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.

Tor Project working to fix weakness that can unmask users

Developers of Tor software believe they've identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.

EFF releases Chrome, Firefox plugin to block third-party tracking

The Electronic Frontier Foundation, a digital privacy rights group, has released a downloadable plugin for Chrome and Firefox designed to stop third parties from tracking people's Web browsing.

Open Wireless Router project aims for better router security, network performance

Advocacy group the Electronic Frontier Foundation wants to address the poor security track record of home routers with a new firmware project that will encourage users to share their Internet connection publicly by setting up guest Wi-Fi networks.

Stealthy ransomware 'Critroni' uses Tor, could replace Cryptolocker

Cybercriminals are spreading a new file-encrypting ransomware program that's more powerful and resilient than Cryptolocker, a threat recently shut down by the U.S. Department of Justice.

Malware and Vulnerabilities In Depth

11 signs you've been hacked -- and how to fight back

Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned

Kenneth van Wyk: We can't just blame users

Yes, users sometimes do stupid things. Some always will. But developers need to do more to save users from themselves.

Heartbleed still matters, and we're all partly to blame

Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack. (Insider; registration required)

Security Manager's Journal: We manage our threats, but what about our vendors?

We've all learned that we're no safer than our least safe partner on our networks.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.

Dark Wallet--Threat or No Threat?

The Fuss About Dark Wallet

Security Manager's Journal: Dealing with the heartburn of Heartbleed

Our manager scrambles to find and fix any vulnerable resources after the OpenSSL flaw is discovered.

Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security

Why have recent vulnerabilities gotten so much more attention than the ones that preceded them? It's hard to say, but the new awareness is a mixed blessing.

Kenneth van Wyk: Looking beyond Heartbleed

We can do things now to make things a little easier should we face another widespread security defect in code like OpenSSL.

Steven J. Vaughan-Nichols: Here comes the black market for XP patches

For most people, XP patches will be unobtainable through legitimate channels. Sounds like a market to me.