Popular desktop Linux distro Ubuntu has potentially serious privacy flaw
A feature in the just-released 16.04 version of Ubuntu could pose a serious threat to the privacy of desktop Linux users, according to a well-known open-source software expert. Version 16.04, the latest long-term-support release of Ubuntu, features a new package format used for installing software on an Ubuntu system, called snap. Snaps are designed to […] more…ATM Malware on the Rise
Automated Teller Machines (ATM) are no longer just affected by the physical attempt of emptying the money safe. Now logical attacks on ATMs are slowly being recognized as an emerging threat by the security industry and law enforcement agencies. ATM malware had been detected by various researchers for a few years now and we have […] more…Locky: the encryptor taking the world by storm
In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Locky). The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world. Analysis of […] more…A Root Cause Analysis of the Recent Flash Zero-Day Vulnerability, CVE-2016-1010
On March 10, Adobe has released an emergency out-of-band update to fix a zero-day vulnerability that was being used in targeted attacks. The vulnerability was designated as CVE-2016-1010. To analyze this vulnerability, I examined an earlier version of the Flash Player (Flash32_19_0_0_185.ocx file on Windows 7) to find the root cause of the vulnerability. Root cause analysis In […] more…The evolution of Brazilian Malware
Introduction Brazilian malware continues to evolve day by day, making it increasingly sophisticated. If you want to know how the various malicious programs work nowadays, you can jump to the corresponding section here. Meanwhile, before that, we would like to show how the techniques used by Brazilian cybercriminals have changed, becoming more advanced and increasingly […] more…Hospitals are under attack in 2016
The year 2016 started with a quite a number of security incidents related to hacks of hospitals and medical equipment. They include a ransomware attack on a Los Angeles hospital, the same in two German hospitals, a case of researchers hacking a patient monitor and drug dispense system, an attack on a Melbourne hospital and […] more…All your creds are belong to us
Download the full report (PDF) With astonishing annual revenues of over a hundred billion dollars, the gaming industry has in the past been compared to Hollywood’s burgeoning business, repeatedly demonstrating the influence behind its ever expanding and loyal fan base. Having an endless list of “big hit” video-games coexisting peacefully with humble but still fun-filled […] more…“All your creds are belong to us”
Download the full report (PDF) With astonishing annual revenues of over a hundred billion dollars, the gaming industry has in the past been compared to Hollywood’s burgeoning business, repeatedly demonstrating the influence behind its ever expanding and loyal fan base. Having an endless list of “big hit” video-games coexisting peacefully with humble but still fun-filled […] more…Attack on Zygote: a new twist in the evolution of mobile threats
The main danger posed by apps that gain root access to a mobile device without the user’s knowledge is that they can provide access to far more advanced and dangerous malware with highly innovative architecture. We feared that Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start installing malware. […] more…Mobile malware evolution 2015
The year in figures In 2015, Kaspersky Lab detected the following: 2,961,727 malicious installation packages 884,774 new malicious mobile programs – a threefold increase from the previous year 7,030 mobile banking Trojans Trends of the year Rise in the number of malicious attachments the user is unable to delete. Cybercriminals actively using phishing windows to […] more…Friends of Penn State (FPS) Kerberos Configuration Change – February 23
On Tuesday, February 23, a configuration change will be made to FPS Kerberos servers during the ITS Maintenance Window (5:00 – 7:00 a.m.). FPS password changes and FPS account creations will not be accepted while work is being completed. Services reliant upon the FPS Kerberos servers may experience intermittent outages with similar functions as well. […] more…Java-based Trojan was used to attack over 400,000 systems
A cross-platform remote access Trojan that’s being openly sold as a service to all types of attackers, from opportunistic cybercriminals to cyberespionage groups, has been used to attack more than 400,000 systems over the past three years. The RAT (Remote Access Tool/Trojan), which depending on the variant is known as Adwind, AlienSpy, Frutas, Unrecom, Sockrat, jRat or […] more…Kaspersky Security Bulletin. Spam and phishing in 2015
Download PDF The year in figures According to Kaspersky Lab, in 2015 The proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014. 79% of spam emails were no more than 2 KB in size. 15.2% of spam was sent from the US. 146,692,256 instances that triggered the […] more…Putting the spotlight on firmware malware
Firmware malware has been a hot topic ever since Snowden’s leaks revealed NSA’s efforts to infect BIOS firmware. However, BIOS malware is no longer something exclusive to the NSA, Lenovo’s Service Engine or Hacking Team’s UEFI rootkit are examples of why the security industry should put some focus on this strain of badness.To all effects BIOS is a firmware […] more…PASS NFS Gateway Upgrade to AES Encryption
Kerberos encryption used by nfs.pass.psu.edu will be upgraded to enable AES, on Wednesday, January 6, during the ITS Maintenance Window (5:00 – 7:00 a.m.). A short outage of a few minutes is anticipated to accommodate the work being completed. As a result of the outage, users may need to re-authenticate to obtain a new service […] more…Keytab Generator Config Change
On Wednesday, January 6, during the ITS Maintenance Window (5:00 – 7:00 a.m.), configuration of the Kerberos Keytab Service Principal and Keytab Generator (Keytab Generator) will be changed to enable or prefer AES encryption types over DES and 3DES. In addition, the “oracle” type service principal will be introduced in the Server Keytabs feature. Personal […] more…More information
- Lego builds social network that should be safe for kids
- US court gets UK Twitter hack suspect arrested in Spain
- Coding without a keystroke: The hands-free creation of a full video game
- When Linux Founder Linus Torvalds Leaves, Pandemonium Breaks Loose
- Botnet census finds 1.2m devices with default passwords
- Keeper Sues Ars Technica Over Reporting on Critical Flaw
- China has arrested alleged OPM hackers
- Over 50,000 Revolut Customers Affected by Data Breach
- Firefox 25: Find out what is new
- Hacking group that hit South Korea may be at it again with new target