Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities

Microsoft brushes off claim Xbox Live accounts were compromised

Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.
Read more...

Researchers find more versions of digitally signed Mac OS X spyware

Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users.

Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day

A Google security engineer accused Microsoft of treating outside researchers with "great hostility" days before posting details of an unpatched vulnerability in Windows that could be used to crash PCs or gain additional access rights.

New Citadel malware variant targets Payza online payment platform

A new variant of the Citadel financial malware is targeting users of the Payza online payment platform by launching local in-browser attacks to steal their credentials, according to researchers from security firm Trusteer.

U.S. power companies under frequent cyberattack

A survey of U.S. utilities shows many are facing frequent cyberattacks that could threaten a highly interdependent power grid supplying more than 300 million people, according to a congressional report.

Researchers find critical vulnerabilities in popular game engines

Security researchers found serious vulnerabilities in the engines of several popular first-person shooter video games that could allow attackers to compromise their online servers and the computers of players accessing them.

Telenor cyberespionage attack has Indian origins

A recent intrusion on the computer network of Norwegian telecommunications company Telenor was the result of a large cyberespionage operation of Indian origin that for the past few years has targeted business, government and political organizations from different countries, according to researchers from security firm Norman Shark.

Researchers uncover new global cyberespionage operation dubbed Safe

Security researchers from Trend Micro have uncovered an active cyberespionage operation that so far has compromised computers belonging to government ministries, technology companies, media outlets, academic research institutions and nongovernmental organizations from over 100 countries.

New Mac spyware found on Angolan activist's computer

Previously unknown Mac OS X spyware, signed with a valid Apple Developer ID, has turned up on the laptop of an activist from Angola at a human rights conference in Norway.

In a sea of malware, viruses make a small comeback

The computer virus seems to be making a subtle comeback.

Security Manager's Journal: Upgrading, and looking for the best we can afford

Several of the company's security technologies are reaching end of life. It's a new experience for our manager to be improving security measures instead of closing gaps.

Targeted attacks up over 2012, SMBs increasingly at risk: Symantec

The number of targeted attacks almost doubled in 2012 compared to the prior year.

At RSA, specious arguments against security awareness

A debate requires intelligent dialogue from representatives on both sides of an issue. That's not what happened at the RSA conference panel on security awareness.

IT Concerns About Targeted Malware Rising

IT and security professionals are increasingly concerned about targeted malware and data breaches. What's worse is that their confidence in their ability to identify and stop them is waning.

Security Manager's Journal: R&D's new security lab is a promising step

For once, security isn't an afterthought, as the R&D department plans its own sandbox for testing the company's software products.

Kenneth van Wyk: Staying out of the belly of the Internet beasts

It's true: The Internet really is out to get us all. Here are a few steps you can take toward being safer every time you use the Web. (Insider; registration required)

Microsoft to roll out Windows Store app patches quickly

Microsoft will release security updates for applications in its Windows Store as those patches are available in order to speed up the updating process.

Security Manager's Journal: Spam makes a comeback

Out of the blue, phishing attacks previously caught in the spam filter are getting through to employee inboxes.

Chinese Government's Link to Cyber Espionage Clearer Than Ever

It's a common belief in the information security world that the Chinese government is behind many of the advanced persistent threats that target companies around the world in an effort to steal their IP and trade secrets. Now one security firm has come forward with years of evidence to link a prolific APT group to a unit inside the Chinese government.

Three charged with distributing Gozi virus

Three people allegedly involved for years in cybercriminal activities in Eastern Europe have been charged in a U.S. court for creating and distributing the Gozi virus that infected more than 1 million computers and allowed cybercriminals to steal millions of dollars over a five-year period.