Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities.

Malware and Vulnerabilities News

Coding error protects some Android apps from Heartbleed

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

Apple patches Secure Transport, but not because of Heartbleed

Apple today issued a security-only update for OS X, patching 25 vulnerabilities in Mavericks, its newest operating system, and 7 bugs in older editions.

Mystery malware infecting jailbroken iPhones, iPads

A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.

SEC seeks data on cyber security policies at Wall Street firms

The Securities and Exchange Commission plans to review the cyber defenses of 50 Wall Street broker-dealers and investment advisers to determine whether they are prepared for potential cyber threats.

Most but not all sites have fixed Heartbleed flaw

The world's top 1,000 websites have been patched to protect their servers against the "Heartbleed" exploit, but up to 2% of the top million were still vulnerable as of last week.

Satellite communication systems are rife with security flaws, vulnerable to hackers

Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.

Michaels breach exposes nearly 3M payment cards

About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.

This Netcraft tool flags sites affected by Heartbleed

Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.

Android trojan app targets Facebook users

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Microsoft extends Windows 8.1 Update migration deadline for business

Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

Malware and Vulnerabilities In Depth

Security Manager's Journal: Virtual machines, real mess

When Internet and phone service are impaired at a development center, the problem is traced to VM images installed in a classroom.

How a cyber cop patrols the underworld of e-commerce

Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

Evan Schuman: With Heartbleed, IT leaders are missing the point

If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix.

Security Manager's Journal: A rush to XP's end of life

The end of Microsoft support is fast approaching, and the company still has a lot of machines running the old Windows operating system.

The new security perimeter: Human Sensors

Security Manager George Grachis discusses the current cyber threat landscape and why Human Sensors, our users, are our most underutilized resource that can make all the difference.

McAfee Offers Global Response to Nationalized Malware

In medieval times, kings let barbarians break down the castle gates but made sure they paid the price once they got inside. McAfee takes a similar approach to security: since data breaches are inevitable, companies should worry less about the perimeter and more about catching the bad guys in the act.

Ira Winkler: 6 failures that led to Target hack

The storyline that a single point of failure allowed a sophisticated attacker to steal millions of card numbers from Target just doesn't hold up.

7 sneak attacks used by today's most devious hackers

Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users.

Security Manager's Journal: An admin surfing on a server? That's a big no-no

How could a tightly restricted server in finance be compromised by malware? Really, it's not that hard.

Malware: War without end

After decades of fighting off viruses, worms, Trojans and other malware and cyberattacks, total victory remains beyond reach.