Skip the navigation

Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities

Malware and Vulnerabilities News

Thumb drives can be reprogrammed to infect computers

Most USB devices have a fundamental security weakness that can be exploited to infect computers with malware in a way that cannot easily be prevented or detected, security researchers found.
Read more...

Attackers exploit remote access tools to compromise retail systems

Malicious hackers are using remote access tools to break into retail point-of-sale systems and plant malware on them, the Department of Homeland Security warned.

Popular Internet-of-Things devices aren't secure

A security audit of 10 popular Internet-connected devices -- components of the so-called "Internet of things" -- identified an alarmingly high number of vulnerabilities.

Many antivirus products are riddled with security flaws

It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned.

Zero-day flaws found in Symantec's Endpoint Protection

Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.

Using Instagram on public Wi-Fi risks account hijack

A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.

Attackers install DDoS bots on Amazon cloud, exploit Elasticsearch weakness

Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.

Until the Tails privacy tool is patched, here's how to stay safe

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.

Russian gov't is willing to pay for a way to ID Tor users

The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around $111,000, for a method to identify users on the Tor network.

Bugcrowd guide aims to smooth the way for reporting software flaws

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Malware and Vulnerabilities In Depth

Security Manager's Journal: A ransomware flop, thanks to security awareness

Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all.

11 signs you've been hacked -- and how to fight back

Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned

Kenneth van Wyk: We can't just blame users

Yes, users sometimes do stupid things. Some always will. But developers need to do more to save users from themselves.

Heartbleed still matters, and we're all partly to blame

Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack. (Insider; registration required)

Security Manager's Journal: We manage our threats, but what about our vendors?

We've all learned that we're no safer than our least safe partner on our networks.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.

Dark Wallet--Threat or No Threat?

The Fuss About Dark Wallet

Security Manager's Journal: Dealing with the heartburn of Heartbleed

Our manager scrambles to find and fix any vulnerable resources after the OpenSSL flaw is discovered.

Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security

Why have recent vulnerabilities gotten so much more attention than the ones that preceded them? It's hard to say, but the new awareness is a mixed blessing.

Kenneth van Wyk: Looking beyond Heartbleed

We can do things now to make things a little easier should we face another widespread security defect in code like OpenSSL.