Skip the navigation

Malware and Vulnerabilities Topic Center

Get the latest news, advice and in-depth analysis on malware, including information on viruses, worms, Trojans and zero-day vulnerabilities

Malware and Vulnerabilities News

Popular Internet-of-Things devices aren't secure

A security audit of 10 popular Internet-connected devices -- components of the so-called "Internet of things" -- identified an alarmingly high number of vulnerabilities.
Read more...

Many antivirus products are riddled with security flaws

It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned.

Zero-day flaws found in Symantec's Endpoint Protection

Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.

Using Instagram on public Wi-Fi risks account hijack

A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.

Attackers install DDoS bots on Amazon cloud, exploit Elasticsearch weakness

Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.

Until the Tails privacy tool is patched, here's how to stay safe

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.

Russian gov't is willing to pay for a way to ID Tor users

The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around $111,000, for a method to identify users on the Tor network.

Bugcrowd guide aims to smooth the way for reporting software flaws

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Thousands of sites compromised by WordPress plug-in flaw

A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.

Firm says vulnerability in Tails contained in I2P component

A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.

Malware and Vulnerabilities In Depth

11 signs you've been hacked -- and how to fight back

Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned

Kenneth van Wyk: We can't just blame users

Yes, users sometimes do stupid things. Some always will. But developers need to do more to save users from themselves.

Heartbleed still matters, and we're all partly to blame

Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack. (Insider; registration required)

Security Manager's Journal: We manage our threats, but what about our vendors?

We've all learned that we're no safer than our least safe partner on our networks.

Information overload: Finding signals in the noise

Signal-to-noise ratios are hard to manage. As a security professional, you want the threat data, you want the attack notifications and alerts, and you need intelligence. But, when there's too much coming in, those alerts and notifications fall to the wayside. They're easily dismissed and ignored.

Dark Wallet--Threat or No Threat?

The Fuss About Dark Wallet

Security Manager's Journal: Dealing with the heartburn of Heartbleed

Our manager scrambles to find and fix any vulnerable resources after the OpenSSL flaw is discovered.

Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security

Why have recent vulnerabilities gotten so much more attention than the ones that preceded them? It's hard to say, but the new awareness is a mixed blessing.

Kenneth van Wyk: Looking beyond Heartbleed

We can do things now to make things a little easier should we face another widespread security defect in code like OpenSSL.

Steven J. Vaughan-Nichols: Here comes the black market for XP patches

For most people, XP patches will be unobtainable through legitimate channels. Sounds like a market to me.