More Malware and Vulnerabilities News
Source code for Carberp financial malware is for sale at bargain price
The source code for the Carberp banking Trojan program is being offered for sale on the underground market at a very affordable price, which could result in additional Carberp-based financial malware being developed in the future, according to researchers from Russian cybercrime investigations firm Group-IB.
More malware is traveling on P2P networks these days
Hackers have found a devious new way to disseminate malware: They're using peer-to-peer networks.
Microsoft patches critical IE vulnerabilities and actively exploited Office flaw
A new batch of security updates released by Microsoft on Tuesday address a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers. The handling of digital certificates in Windows was also improved.
New backdoor 'KeyBoy' malware hits Asia with targeted attacks
Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.
New Android Trojan app exploits previously unknown flaws, researchers say
A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.
Microsoft to tackle under-attack Office bug next week
Microsoft today said it will ship just five security updates next week, the fewest in any month so far this year, to patch 23 vulnerabilities in Internet Explorer, Windows and Office.
Hacker publishes alleged zero-day remote code execution exploit for older Plesk versions
A hacker released what he claims is a zero-day exploit for older versions of the Parallels Plesk Panel, a popular Web hosting administration software package, that could allow attackers to inject arbitrary PHP code and execute rogue commands on Web servers.
Bill aims to discourage nations from sponsoring cyberattacks
Three U.S. lawmakers have introduced legislation that would allow President Barack Obama's administration to deny U.S. travel visas to cyberattackers sponsored by foreign governments and to freeze their U.S.-based assets.
ISC patches publicly disclosed BIND 9 denial-of-service flaw
The Internet Systems Consortium, the organization that develops and maintains the widely used BIND DNS software, has patched a publicly disclosed vulnerability that can be used to remotely crash DNS servers running recent releases of BIND 9.
Malware increasingly uses peer-to-peer communications, researchers say
The number of malware samples that use P-to-P (peer-to-peer) communications has increased fivefold during the past 12 months, according to researchers from security firm Damballa.
Apple fixes irritating Mountain Lion bugs, firms up Java defenses
Apple on Tuesday updated OS X Mountain Lion, likely for one of the last times, with a combination of compatibility and reliability bug fixes as well as vulnerability patches.
Cyberespionage campaign 'NetTraveler' siphoned data from hundreds of high-profile targets, researchers say
An ongoing cyberespionage campaign compromised over 350 high-profile victims from more than 40 countries over the past eight years, including political activists, research centers, governmental institutions, embassies, military contractors and private companies from various industries.
Google Chrome bags a rare critical vulnerability fix
Google today patched 12 vulnerabilities in Chrome, including one of the few labeled critical that it has fixed in the five-year history of its browser.
McAfee sees surge in spam, Koobface samples, MBR attacks
The first three months of 2013 have seen a surge in spam volume, as well as large numbers of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
Oracle reveals plans for Java security improvements
Oracle plans to make changes to strengthen the security of Java, including fixing its certificate revocation checking feature, preventing unsigned applets from being executed by default and adding centralized management options with whitelisting capabilities for enterprise environments.
Google wants software vendors to respond to vulnerabilities within 7 days
Google wants vendors to fix or offer mitigation advice for previously unknown and actively exploited software vulnerabilities within seven days of their discovery.
Drupal resets account passwords after detecting unauthorized access
Drupal.org has reset account passwords after it found unauthorized access to information on its servers.
Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet
Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.
PayPal denies teenager reward for finding website bug
A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.
Researchers warn of increased Zeus malware activity this year
The amount of cybercriminal activity associated with the Zeus family of financial Trojan programs has increased during the past few months, according to security researchers from antivirus vendor Trend Micro.
Free Insider Guide- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
Malware and Vulnerabilities White Papers
- Security for Virtualization
- Learn more.
- When Malware Goes Mobile: Causes, Outcomes and Cures
- Cybercriminals are increasingly setting their sights on smartphones and other mobile devices. Learn about platform-specific policies and strategies you can employ to protect...
- Top Three Reasons Why Customers Deploy EMC VNX with EMC VPLEX
- What if you could build a cost effective, continuously available storage infrastructure? Learn the top reasons users are deploying EMC VNX with EMC...
- Clearing the Clouds for Midmarket Businesses
- The 10-point checklist included in this expert brief has been developed to help small and midsize businesses select the cloud model and cloud...
- Perforce Case Study
- Learn how EMC cost-effectively transformed their infrastructure and improved storage performance by 60% by unifying storage, deploying virtualization and leveraging Flash to meet... All Malware and Vulnerabilities White Papers
Malware and Vulnerabilities Webcasts
- Virtustream (Vayence) video taking a 3000-Seat SAP Environment to the Cloud
- How can public cloud services help your organization reduce costs and increase security for your mission
- Williams & Fudge on Transforming IT with EMC
- Watch Williams & Fudge Data Center Director Phillip Reynolds discuss why this accounts receivable management firm turned to EMC.
- The Success Network: Driving Business Forward
- The communications and connectivity infrastructure of your organization is the focus of this KnowledgeVault Exchange, sponsored by Comcast Business.
- Advanced Voice Solutions for Your Business
- How can hosted business class voice services help mid-sized business be more agile, competitive and ready for growth?
- Bring Mobile Innovation to your Enterprise.
- With the mobility revolution well underway, CIO's and Line of Business owners are faced with the struggle to develop a winning mobile strategy. All Malware and Vulnerabilities Webcasts
