

Keyword: malware

  • Netgear and ZyXEL Confirm NetUSB Flaw

    05/21/2015 10:39:51 PM PDT · by Utilizer · 2 replies
    Computerworld ^ | May 21, 2015 9:42 AM PT | Lucian Constantin
    ... Networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB. ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year. The vulnerability, tracked as CVE-2015-3036, is located in a Linux kernel module called NetUSB that's commonly used in routers and other embedded devices. The module is developed by a Taiwan-based company called KCodes Technology and allows routers to share USB devices with other computers via the Internet Protocol (IP)....
  • Adblock Plus launches Adblock Browser: Firefox for Android with built-in ad blocking

    05/20/2015 8:39:29 PM PDT · by Utilizer · 19 replies
    VB - VentureBeat ^ | May 20, 2015 1:00 AM | Emil Protalinski
    ... Adblock Plus already has a Firefox for Android add-on, though it requires installing two apps and setting them up. The company also has an Android app that blocks in-app ads, but it only works on Wi-Fi connections and has to be sideloaded and hooked up to a proxy. In other words, Adblock Plus isn’t easy to use on mobile. Adblock Browser is supposed to change that. “This is the first time we’ve really gone with a solution that is completely ours,” communications manager Ben Williams told VentureBeat. Adblock Browser wasn’t exactly written from the ground up. The team used...
  • LogJam leaves browsers vulnerable to MiTM attack

    05/20/2015 8:25:10 PM PDT · by Utilizer · 2 replies
    iTnews AUS ^ | May 21, 2015 5:53 AM (AUS) | Doug Drinkwater
    ... Researchers have discovered a new security flaw that could affect tens of thousands of HTTPS websites, mail servers and other services by allowing attackers to downgrade the Transport Layer Security (TLS) connections to 512-bit export-grade cryptography to crack that connection and read any data being transmitted. Dubbed LogJam, researchers from Microsoft, Johns Hopkins University, University of Michigan, University of Pennsylvania and the Inria Nancy-Grand Est research in France, discovered the flaw some months ago, and have subsequently informed browser makers about the issue, who are currently patching. The research team has published a technical paper (pdf) and built a...
  • Trojanized, info-stealing PuTTY version lurking online (SSH Secure Shell program for Windows)

    05/19/2015 5:17:01 PM PDT · by dayglored · 15 replies
    Help Net Security ^ | May 19, 2015 | Zeljka Zorz
    A malicious version of the popular open source Secure Shell (SSH) client PuTTY has been spotted and analyzed by Symantec researchers, and found to have information-stealing capabilities. PuTTY, which is written and maintained primarily by Simon Tatham and can be freely downloaded from the project's official site, is a popular software with admins and developers looking to connect to remote servers through encrypted means. Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. "Data that is sent through SSH connections may be sensitive and is often considered a gold mine...
  • More Java holes found in Google App Engine

    05/18/2015 10:20:07 PM PDT · by Utilizer · 2 replies
    iTnews AUS ^ | May 18, 2015 12:15 PM (AUS) | Juha Saarinen
    Google slow to respond. A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google's App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines. The Security Explorations team, which has made a name for itself by unearthing large numbers of security holes in Oracle's Java framework over the past few years, said it had reported seven vulnerabilities to Google, along with proof of concept code. Three of the flaws allow complete bypass of the GAE Java security sandbox. Such a bypass could be used by attackers...
  • Lenovo users exposed to "massive security risk"

    05/10/2015 4:02:17 PM PDT · by Utilizer · 6 replies
    iTnews.aus ^ | May 7, 2015 6:41 AM (AUS) | unattributed
    Researchers find more serious flaws. Lenovo has been accused of putting users at "massive security risk" through newly-discovered flaws in its online product update service which allow hackers to download malware onto user systems through a man-in-the-middle (MiTM) attack. The holes were revealed by security firm IOActive, just weeks after Lenovo was found to be shipping PCs with pre-installed ‘Superfish' adware that also left its users open to MITM attacks. In an advisory today, IOActive researchers Michael Milvich and Sofiane Talmat said they had discovered “high-severity” privilege escalation vulnerabilities in Lenovo's system update service, which enables users to download the...
  • Ex-NSA security bod fanboi: Apple Macs are wide open to malware

    05/09/2015 6:10:00 PM PDT · by Enlightened1 · 12 replies
    The Register ^ | 5/8/15 | John Leyden
    'I love Apple products, I just wish they were secure' A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code to run or, depending on settings, only packages from...
  • Apple security program, MacKeeper, celebrates difficult birthday

    05/07/2015 7:13:15 PM PDT · by Utilizer · 14 replies
    ITworld ^ | May 5, 2015 | Jeremy Kirk
    MacKeeper, a utility and security program for Apple computers, celebrated its fifth birthday in April. But its gift to U.S. consumers who bought the application may be a slice of a $2 million class-action settlement. Released in 2010, MacKeeper has been dogged by accusations that it exaggerates security threats in order to convince customers to buy. Its aggressive marketing has splashed MacKeeper pop-up ads all over the web. The program was originally created by a company called ZeoBIT in Kiev, Ukraine. The country—full of young, smart programmers—has long been a hub for lower-cost software development and outsourcing.
  • Self-destructing virus kills off PCs

    05/07/2015 7:01:36 PM PDT · by Utilizer · 61 replies
    teoti ^ | 9:38 pm 05/05/2015 | tricpe
    A computer virus that tries to avoid detection by making the machine it infects unusable has been found. If Rombertik's evasion techniques are triggered, it deletes key files on a computer, making it constantly restart. Analysts said Rombertik was "unique" among malware samples for resisting capture so aggressively. On Windows machines where it goes unnoticed, the malware steals login data and other confidential information. Endless loop Rombertik typically infected a vulnerable machine after a booby-trapped attachment on a phishing message had been opened, security researchers Ben Baker and Alex Chiu, from Cisco, said in a blogpost. Some of the messages...
  • Lenovo: researchers find 'massive security risk'

    05/07/2015 1:22:17 AM PDT · by WhiskeyX · 2 replies
    BBC News ^ | Kevin Rawlinson
    The Chinese PC manufacturer Lenovo has been accused of running a "massive security risk" after researchers found flaws in its software. Three vulnerabilities could be exploited to install malware on users' systems or to hand attackers a measure of control over them, it was reported. Lenovo acknowledged the findings and urged users to download a patch to resolve the issues. The news follows revelations about pre-installed adware on Lenovo systems.
  • Aussie enterprises targeted in Bartalex spam campaign

    04/28/2015 6:02:45 PM PDT · by Utilizer · 8 replies
    iTnews.com.au ^ | on Apr 29, 2015 6:49 AM (AUS) | Juha Saarinen
    Office macro downloads malware used in JP Morgan heist. Australian businesses are currently being hit by cloud storage hosted Microsoft Office macro malware in large numbers in a month-long campaign uncovered by security researchers. Security vendor Trend Micro said its researchers detected an outbreak of spam that used fraudulent messages from the Automated Clearing House electronic funds transfer network that is regularly used by businesses for transactions with each other. The spam messages link to Dropbox sites that contain malicious Microsoft Office macros - named Bartalex - which if enabled by users, proceed to download a variant of the Dyre...
  • No patch for remote code-execution bug in D-Link and Trendnet routers

    04/28/2015 5:53:58 PM PDT · by Utilizer · 23 replies
    arstechnica | Apr 28, 2015 9:01am PDT | Dan Goodin
    Arstechnica has an article up concerning a remote code execution bug in some routers. Arstechnica does not wish their articles to be posted or excerpted here, so the webpage addy is included for those wishing to read more about it. Affects D-Link and Trendnet routers.
  • Symantec Report: 1 in 5 Android Apps Is Malware

    04/25/2015 11:51:34 AM PDT · by Swordmaker · 32 replies
    ATT NET Yahoo Tech ^ | April 24, 2015 | Dan Tynan
    Bad news, phandroids. Android malware is on the rise. According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps. More than one third of all apps were what Symantec calls "grayware" or “madware” -- mobile software whose primary purpose is to bombard you with ads. The company also discovered the first example of mobile crypto-ransomware – software that encrypts your data and holds it hostage until you pay ransom for it – for Android devices. Symantec Norton Internet...
  • Microsoft Announces Windows 10 Device Guard, a New Feature That Could Kill Malware Forever

    04/22/2015 5:53:04 PM PDT · by SeekAndFind · 52 replies
    Softpedia ^ | 04/22/2015
    Microsoft is making big efforts to increase the security of Windows 10 and turn the new operating system into a fully secure working environment, so several new features will be available in this regard when it comes out. In addition to Microsoft Passport and Windows Hello, both of which were announced a few months ago, Redmond will also introduce a feature called Device Guard that would give organizations full control over the apps that are allowed to be launched on a device running Windows 10. According to Microsoft, the new feature should provide advanced malware protection against new and even...
  • Kaspersky releases tools to decrypt files encrypted with CoinVault Ransomware

    04/14/2015 6:46:32 PM PDT · by Utilizer · 20 replies
    TechWorm ^ | on April 14, 2015 | Abhishek Kumar Jha
    Software security group Kaspersky Labs in collaboration with the Dutch police has released a tool which helps to decrypt files locked by Ransomware. Kaspersky Labs has released a decryption tool for files encrypted with CoinVault ransomware. The tool was developed by the Kaspersky lab after the National High Tech Crime Unit (NHTCU) of the Dutch police handed over the information obtained from a database of CoinVault command-and-control server containing the decryption keys.
  • ‘This Is Our Fight’: Ted Cruz’s First Badass Campaign Ad

    04/04/2015 8:26:31 AM PDT · by blueyon · 28 replies
    PatDollard.com ^ | 3/03/15 | Ayala Chaviva
    ‘This Is Our Fight’: Ted Cruz’s First Badass Campaign Ad
  • Malwarebytes Programs

    04/02/2015 10:43:19 AM PDT · by hsmomx3 · 21 replies
    Are Malwarebytes and Malwarebytes Anti-Exploits two separate programs? If so, is it advised to have both programs on my computer? I am currently using Malwarebytes Anti-malware on my Windows 8.1 system.
  • Vanity - Concerning Security Warning at National Review Website

    03/23/2015 8:37:01 AM PDT · by Steve_Seattle · 29 replies
    Vanity
    For the second day in a row, I have gotten a strange security warning when trying to enter the National Review website. It warns me of spyware, gives me a phone number to call, and even has a voice message. I have not found a way to escape that message short of shutting down my computer. It seems to be a fake security warning. Has anyone else encountered this problem? If so, do you know what is going on and what to do about it? Thanks.
  • FireEye: Breach detection time is dropping, averages 205 days

    02/26/2015 11:34:35 AM PST · by Ernest_at_the_Beach · 11 replies
    tweaktown.com ^ | Posted: 3 hours, 11 mins ago | By: Michael Hatamoto
    FireEye's Mandiant found that the average data breach was discovered in 205 days, dropping from 229 days (2013) and 243 days (2012). Enterprises were only able to self-detect 31 percent of breaches, with third-parties and the government helping identify cybersecurity incidents.    Companies are becoming more vigilant in detecting cybercrime-related activity, such as credit card companies noticing fraudulent behavior.  "Over the last several years, organizations like the Federal Bureau of Investigation (FBI) have gotten increasingly involved in notifying US businesses that they have been identified as being compromised," said Ryan Kazanciyan, technical director at Mandiant, in a statement to eWEEK....
  • HACKED HARDWARE COULD CAUSE THE NEXT BIG SECURITY BREACH

    02/24/2015 5:08:22 AM PST · by Not gonna take it anymore · 4 replies
    Popular Science ^ | February 17, 2015 | By P.W. Singer
    In late summer of 2006, the Japanese division of McDonald’s decided to run a new promotion. When customers ordered a Coca-Cola soft drink, they would receive a cup with a code. If they entered that code on a designated website and were among 10,000 lucky winners, they would receive an MP3 player pre-loaded with 10 songs. Cleverly constructed, the promotion seemed destined for success. Who doesn’t like a Coke and a free MP3 player? But there was one problem the marketers at McDonald’s could not anticipate: In addition to 10...
  • How Lenovo's dangerous Superfish adware put its customers at risk

    02/20/2015 1:19:16 PM PST · by smokingfrog · 31 replies
    Consumer Reports ^ | 2-20-15 | Donna Tapellini
    The Internet is lighting up with warnings about Superfish, an adware program that came preinstalled on many Lenovo laptops in the past six months. Like a lot of the bloatware that comes on new computers, Superfish exists to help push advertising, not to serve any real consumer need. That would be annoying enough, but Superfish seriously undermines the user's safety, according to many security experts. Superfish is a piece of third-party software that Lenovo installed to, as it says in its apology to consumers, “enhance the shopping experience.” That means it's meant to help advertisers target potential customers. But security...
  • Lenovo Has Been Selling Laptops with Malware Pre-Installed

    02/19/2015 11:58:24 AM PST · by Wolfie · 51 replies
    Yahoo Tech ^ | Feb. 19, 2015
    Computer maker Lenovo has been shipping laptops prepackaged with malware that makes you more vulnerable to hackers — all for the sake of serving you advertisements. Made by a company called “Superfish,” the software is essentially an Internet browser add-on that injects ads onto websites you visit. Besides taking up space in your Lenovo computer, the add-on is also dangerous because it undermines basic computer security protocols. That’s because it tampers with a widely-used system of official website certificates. That makes it hard for your computer to recognize a fake bank website,...
  • Destroying your hard drive is the only way to stop this super-advanced malware

    02/17/2015 7:03:37 AM PST · by BenLurkin · 51 replies
    pcworld.com ^ | Feb 17, 2015 5:40 AM | Jeremy Kirk
    The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains. “Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.
  • The largest bank robbery ever: up to $900M possibly stolen, and no need for a getaway ca

    02/16/2015 8:43:24 AM PST · by Kartographer · 12 replies
    NGR News via Yahoo ^ | 2/16/15 | Chris Smith
    When hackers steal money from banks, they usually go for Bonnie and Clyde attacks, taking whatever they can take in a single grab, one Kaspersky executive told The New York Times, as the security research discovered a different type of bank cyber heist, one likened to Ocean’s Eleven in terms of planning, but also when it comes to the significant amount of stolen cash. Following a well planned operation, that involved months of spying through the use of sophisticated software, unknown hackers originating from Russia, China and Europe managed to steal at least $300 million from a large number of...
  • Bank Hackers Steal Millions via Malware

    02/14/2015 3:03:20 PM PST · by dynachrome · 14 replies
    New York Times ^ | 2-14-15 | DAVID E. SANGER and NICOLE PERLROTH
    In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery. The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm...
  • One-Bit To Rule Them All: Bypassing Windows’ 10 Protections using a Single Bit

    02/11/2015 4:13:08 AM PST · by ctdonath2 · 12 replies
    Breaking Malware ^ | February 10, 2015 | Udi Yavo
    Microsoft released their latest Patch Tuesday. This Patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated exploitable vulnerability which we responsibly disclosed to Microsoft a few months ago. As part of our research, we revealed this privilege escalation vulnerability which, if exploited, enables a threat actor to complete control of a Windows machine. In other words, a threat actor that gains access to a Windows machine (say, through a phishing campaign) can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization. Interestingly, the exploit requires modifying only a single...
  • Thousands of WordPress Sites Affected By Zero-Day Exploit

    02/06/2015 9:21:24 AM PST · by Ernest_at_the_Beach · 8 replies
    hardocp.com ^ | Thursday February 05, 2015
    Thanks to a vulnerability in a WordPress plug-in, thousands of websites are at risk of being exploited. The flaw exists in Fancybox, a popular image displaying tool, through which Sucuri researchers say malware or any other script can be added to a vulnerable site. "It's being actively exploited in the wild, leading to many compromised websites," the researchers wrote.
  • Computer Security Question

    01/16/2015 9:24:42 AM PST · by knarf · 35 replies
    self ^ | January 16, 2015 | knarf
    Does an uninstalled malware REALLY uninstall the threat?
  • Thunderstrike: The scary vulnerability in your Mac's Thunderbolt port

    01/08/2015 7:21:49 PM PST · by Swordmaker · 45 replies
    Mashable ^ | JAN 02, 2015 | BY CHRISTINA WARREN
    The MagSafe2 port, from left, two Thunderbolt ports, a USB 3 port and headphone port (top), SDXC Cardslot, HDMI port, and USB 3 port (bottom), on Apple's MacBook Pro. Similar image from Apple Inc. substituted for original Getty Image on article site. According to a recent security presentation, attackers could infect Macintosh computers with a special kind of malware using the computer's Thunderbolt port. The attack, dubbed Thunderstrike, was showcased by security researcher Trammell Hudson at the Chaos Communications Congress in Germany. Hudson is well known in the security community, particularly for his work reverse-engineering various devices and systems....
  • Cyber attack on Angela Merkel aide: Report

    12/29/2014 5:13:50 AM PST · by WhiskeyX · 2 replies
    Deutsche Welle ^ | 29.12.2014 | AFP
    The German chancellor's office has fallen victim to a hacking attack, according to a German newspaper. The Regin malware in question has been linked to British and US spy agencies.
  • Dangerous 'Misfortune Cookie' flaw discovered in 12 million home routers

    12/19/2014 9:29:02 PM PST · by Swordmaker · 23 replies
    PCWorld ^ | December 19, 2014 | By John E. Dunn
    Researchers at Check Point have discovered a serious security vulnerability affecting at least 12 million leading-brand home and SME routers that appears to have gone unnoticed for over a decade. Dubbed the ’Misfortune Cookie’ flaw, the firm plans to give a detailed account of the issue at a forthcoming security conference but in the meantime it’s important to stress that no real-world attacks using it have yet been detected. That said, an attacker exploiting the flaw would be able to monitor all data travelling through a gateway such as files, emails and logins and have the power to infect connected...
  • Iranian hackers downed Adelson's casino empire

    12/12/2014 7:25:31 AM PST · by Cincinatus' Wife · 11 replies
    The Hill ^ | December 12, 2014 | Cory Bennett
    In February, Iranian hackers took down the computer system of gambling magnate Sheldon Adelson’s casino empire, wiping hard drives clean and shutting down email. Las Vegas Sands, the world’s largest gaming company, was devastated by the attack. But until a Bloomberg Businessweek report Thursday night, the company had never revealed the extent of the hack. Coming months before the recent hack on Sony Pictures, the hit on Sands is now believed to be the first major destructive cyberattack on a U.S. business, although there are likely others that have gone unreported. From the instant the offensive started, Las Vegas Sands...
  • Anyone here have experience with PCMATIC?

    12/07/2014 9:30:05 AM PST · by TurboZamboni · 55 replies
    me | 12-7-14 | TZ
    I'm not renewing my paid subscription to AVG as it gets more worthless every year. (Windows based PC)
  • Details Emerge on Malware Used in Sony Hacking Attack

    12/03/2014 2:28:58 AM PST · by TigerLikesRooster · 7 replies
    recode.net ^ | December 2, 2014, | Arik Hesseldahl
    New details have emerged about the hacking attack against Sony Pictures Entertainment, the motion picture studio which last week came under a withering digital siege that investigators say may have originated from North Korea. Late Monday the FBI issued a confidential five-page warning to U.S. businesses concerning malicious software, or malware, used to carry out destructive attacks. The warning did not name Sony as a victim of the malware, though it is said to be a direct response to the breach at...
  • Iranian hackers compromised airlines, airports, critical infrastructure companies

    12/02/2014 7:33:30 PM PST · by grandpa jones · 11 replies
    IT World ^ | 12/2/14 | Lucian Constantin
    For the past two years, a team of Iranian hackers has compromised computers and networks belonging to over 50 organizations from 16 countries, including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies. The attacks have collectively been dubbed Operation Cleaver after a string found in various malware tools used by the hacker group, which is believed to operate primarily out of Tehran. "We discovered over 50 victims in our investigation, distributed around the globe," said researchers from IT security firm Cylance in an extensive report released Tuesday. "Ten of these victims...
  • FBI warns US businesses of 'destructive' malware

    12/01/2014 3:46:00 PM PST · by Dacula · 31 replies
    The FBI warned U.S. businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyberattack last week at Sony Pictures Entertainment. The five-page, confidential "flash" warning issued to businesses late on Monday provided some technical details about the malicious software that was used in the attack, though it did not name the victim. An FBI spokesman declined comment when asked if the software had been used against the California-based unit of Sony Corp. The Sony attack resulted in five films being leaked online, including the updated version of "Annie." In the attack...
  • Android tablets at Best Buy, Target, Amazon, Walmart found to with security flaws, malware

    11/26/2014 12:42:15 AM PST · by Swordmaker · 21 replies
    Apple Insider ^ | Tuesday, November 25, 2014, 01:14 pm | By Daniel Eran Dilger
    All of the dozen different "doorbuster" Android tablets Bluebox examined were found to include unpatched Android vulnerabilities including Masterkey, FakeID, Heartbleed and Futex, while more than a quarter were sold with security misconfigurations or active backdoors installed. Bluebox discovered Android's Masterkey "zombie botnet" vulnerability last year and detailed FakeID super malware earlier this summer. While Google has released patches for both flaws—in addition to Android's Heartbleed and Futex bugs—the fact is that major retailers are actively promoting new Android products that still harbor these unpatched vulnerabilities. Several devices also ship with remote exploits wide open, block access to Google Play...
  • Now e-cigarettes can give you malware

    11/21/2014 3:40:53 PM PST · by upchuck · 20 replies
    Guardian ^ | Nov 21, 2014 | Alex Hern
    E-cigarettes may be better for your health than normal ones, but spare a thought for your poor computer – electronic cigarettes have become the latest vector for malicious software, according to online reports. Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer – but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device. A report on social news site Reddit...
  • Sheriff's department files held for ransom by malware

    11/14/2014 7:01:23 AM PST · by Brother Cracker · 21 replies
    Odd_News ^ | Nov. 13, 2014 | Ben Hooper
    DICKSON, Tenn., - A Tennessee sheriff's department said it paid more than $500 ransom to release files locked away by malicious software accidentally downloaded into the system. Detective Jeff McCliss, IT director for the Dickson County Sheriff's Office, said the "Cryptowall" program was installed into the department's computer system in late October when someone streaming local radio station WDKN accidentally clicked on a rotating ad that had been infected with the malware. McCliss and Sheriff Jeff Bledsoe said Cryptowall put a lock on the department's case folder and demanded $572 worth of anonymous online currency Bitcoins to unlock the files....
  • Security Flaw in iOS Opens Malware Door for Cyber Crooks

    11/12/2014 9:21:19 AM PST · by SeekAndFind · 23 replies
    The VAR GUY ^ | 11/12/2014 | DH Kass
    Security provider FireEye (FEYE) is cautioning that an opening in Apple’s (AAPL) iOS leaves most iPhones and iPads vulnerable to hackers attempting to swap installed, trusted applications for rogue software capable of stealing sensitive and confidential information from the user. FireEye first reported the bug to Apple in late July, dubbing the way it infiltrates iOS 7.1.1 and later devices (including the most recent iOS 8 and iOS 8.1 updates), a “Masque Attack.” The hack requires users first click on a malicious link included in an email or text message that targets the location of the malware download, tricking users...
  • Apple iOS bug makes devices vulnerable to attack: experts

    11/10/2014 2:28:47 PM PST · by SeekAndFind · 30 replies
    Reuters ^ | 11/10/2014 | Jim Finkle
    Researchers have warned that a bug in Apple Inc's (AAPL.O) iOS operating system makes most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices. Cybersecurity firm FireEye Inc (FEYE.O) published details about the vulnerability on its blog on Monday, saying the bug enables hackers to access devices by persuading users to install malicious applications with tainted text messages, emails and Web links. The malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including email and banking programs, with malicious software through...
  • 'Trojan Horse' Bug Lurking in Vital US Computers Since 2011

    11/06/2014 12:36:14 PM PST · by driftdiver · 106 replies
    ABCNews ^ | Nov 6, 2014 | JACK CLOHERTY and PIERRE THOMAS
    A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security. National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat. The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these...
  • The iPhone just lost its perfect security record — now what?

    11/06/2014 10:14:15 AM PST · by for-q-clinton · 221 replies
    The Verge ^ | 6 Nov 2014 | Russell Brandom
    For most of the iPhone's lifespan, it's been effectively immune to malware. There were theoretical attacks and viruses targeting jailbroken phones, but thanks to the tight controls of the App Store, finding iOS malware in the wild has been nearly impossible. If you didn't jailbreak your phone and you weren’t targeted by the NSA, you simply didn't have to worry about catching a virus. Yesterday, that changed. A security firm called Palo Alto Networks discovered a malware program they’re calling Wirelurker, which sneaks into computers through unauthorized Chinese apps, then attacks iOS devices when they connect over USB. It’s an...
  • How to protect OS X from the “rootpipe” vulnerability

    11/04/2014 7:32:21 PM PST · by Swordmaker · 19 replies
    Mac Issues ^ | November 4, 2014 | by Topher Kessler
    A relatively long-standing vulnerability in OS X has been uncovered by a Swedish hacker, Emil Kvarnhammar, who has dubbed it “rootpipe” by the so-far undisclosed method in which it can be used to take control of your Mac. In this vulnerability, a flaw allows a hacker to gain administrative access of a system without supplying a password, and then be able to interact with your Mac as an administrator. In an interview with MacWorld, Kvarnhammar describes this bug as having been present in OS X 10.8.5, but he was not able to replicate it in 10.9; however, Apple has shuffled...
  • Researcher Finds Tor Exit Node Adding Malware to Binaries

    10/24/2014 6:54:44 PM PDT · by Utilizer · 22 replies
    The Kaspersky Lab Security News Service ^ | October 24, 2014 , 12:07 pm | Dennis Fisher
    A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. Downloading any kind of file from the Internet is a dodgy proposition these days, and many...
  • Cyber security Expert Gary Milefsky (flashlight app on smartphones)

    10/19/2014 5:43:12 AM PDT · by Mechanicos · 17 replies
    YouTube ^ | Unknown | Bret Baire via YouTube
    http://www.youtube.com/watch?v=Q8xz8xKEFvU
  • Internet Explorer stars in monster October Patch Tuesday

    10/12/2014 12:22:15 PM PDT · by Utilizer · 8 replies
    The Register ^ | 10 Oct 2014 | John Leyden
    October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is an update for Internet Explorer that affects all currently supported versions 6 to 11, on all operating systems including Windows RT. Vulnerabilities discovered in most versions of Windows Server, Windows 7 and 8, and the .NET framework are covered in the other pair of critical...
  • Dairy Queen confirms malware intrusion at some U.S. locations

    10/10/2014 5:47:13 PM PDT · by TurboZamboni · 10 replies
    Dairy Queen ^ | 10-9-14 | Dean A. Peters
    EDINA, MINN. — International Dairy Queen, Inc. today confirmed that the systems of some DQ® locations and one Orange Julius® location in the U.S. had been infected with the widely-reported Backoff malware that is targeting retailers across the country. The company previously indicated that it was investigating a possible malware intrusion that may have affected some payment cards used at certain DQ locations in the U.S. Upon learning of the issue, the company conducted an extensive investigation and retained external forensic experts to help determine the facts. Because nearly all DQ and Orange Julius locations are independently owned and operated,...
  • Critical USB hack goes public; how bad is the risk?

    10/05/2014 8:51:31 PM PDT · by TChad · 16 replies
    The Atlanta Journal-Constitution ^ | 10/4/2014 | Matt Picht
    Because we just don't already have enough tech security problems to worry about, computer science researchers have just published a potentially catastrophic security exploit.
  • Large-scale malvertising campaign hidden in online ads hits Last.fm

    09/22/2014 10:47:02 AM PDT · by Ernest_at_the_Beach · 20 replies
    theinquirer.net ^ | Fri Sep 19 2014, 16:45 | By Lee Bell
    SECURITY OUTFIT MALWAREBYTES has warned of a malvertising attack that appears to be part of a large scale, ongoing campaign affecting a number of popular websites such as Last.fm. Users are getting infected by the exploit kit that is hidden in online ads, which means they probably don't even know the payload is on their computer. Malwarebytes said The Times of Israel and The Jerusalem Post were affected by the same attack campaign and looking further into it discovered "it is much bigger" than first thought because it involves doubleclick.net, a subsidiary of Google for online ads, and Zedo, a...