2013 Security Roundup: Cashing In On Digital Information
2013 was another year marked by many changes – for good and bad – in the threat landscape. Some threats waned, others grew significantly, while completely new threats emerged and made life difficult for users. What remained constant, however, were the threats against the safety of digital information. In this entry, we present some of […]

Malware and Winter Olympics
Whenever there’s a global sporting event, we get questions about the “cyber” angle. Could an event like The Olympics be targeted by malware outbreaks, or maybe DDoS attacks? And while there are some real security concerns, most coverage of cyber attacks during Olympics ends up being incorrectly reported or just hype. This is not […]

Silicon Plagues
Every academic year since 1986, Darwin College (University of Cambridge) holds a series of eight public lectures. The theme of this year’s series is: Plagues. Recently, Mikko presented the third lecture: Silicon Plagues. The lecture covers 28 years of computer virus history. The lecture is now available online, as well as via several download options. […]

The Pebble App Store Is Open: Here’s What to Grab First
Pebble has finally opened up its long-awaited app store, and not a moment too soon. We’re ready to see what a smartwatch can really do with a thriving ecosystem of third party developers and a single consolidated marketplace behind it. We already checked out major apps like ESPN, Yelp, and Foursquare with the new Pebble […]

Defending Against Tor-Using Malware, Part 2
Last week, we talked about what Tor is, how it works, and why system administrators need to be aware of it. Now the question is: should I block Tor, and if I do decide to do that, what can be done to block Tor? Tor, by itself, is not inherently malicious. If a user wants […]

A Free Solution For DDoS Reflection Attacks: A Decade In Waiting
At the risk of sounding repetitious, there is yet another basic internet protocol that is seeing increased use in distributed denial of service (DDoS) attacks. This time it is NTP, or the Network Time Protocol. It’s not nearly as well known as DNS or HTTP, but just as important. NTP is used to synchronize the […]

Android: "Fake" Minecraft App
Every other Monday, our Threat Research team contributes to PC Magazine’s Mobile Threat Monday. And yesterday’s post is about a fake (hijacked) Minecraft app. Max Eddy: “F-Secure told SecurityWatch that the phony Minecraft PE is currently available on several Russian app stores. This isn’t surprising as not all third party stores vet their apps as […]

NSA task force wants major changes in surveillance
A U.S. National Security Agency surveillance review board report, to be released Wednesday, will recommend major changes in the way the agency tracks terrorism suspects, according to news reports. The review board, appointed by President Barack Obama, will recommend that the NSA no longer hold a huge database of U.S. telephone records collected by the […]

Pirate Bay Moves to Guyana After Domain Suspension, 70 Domains to Go
The Pirate Bay has set sail to a new domain for the third time in a week. After just a few days Peru decided to suspend the site’s .PE domain forcing the torrent site to move to the Guyana-based .GY ccTLD. The Pirate Bay team is not too worried about the domain whack-a-mole and says […]

Two arrested in Germany for hacking computers they used to generate bitcoins
German police have arrested two persons they accuse of hacking computers and using them to generate bitcoins police valued at more than €700,000 (US$954,000). A third suspect was not taken into custody, police said.

Good Passwords are KEY
Today marks the official launch date of F-Secure KEY. (Our new password assistant application.) But we’re guessing that it hardly feels like an especially busy day for product manager Juha Torkkel. He’s been in full gear ever since Mikko Tweeted about KEY’s “soft” launch one week ago. Which then didn’t turn out to be so […]

VBS Malware Spreading in Latin America
During the past few months, we’ve been observing increases in the number of systems infected by VBS malware, specifically VBS_SOSYOS, VBS_JENXCUS and VBS_DUNIHI. Most of these systems were found in Latin America, a region targeted by the Banker/Bancos Trojan. Figure 1. VBS malware activity for the past months in Latin America region (LAR) These VBScript […]

VBScript Malware SOYSOS Deletes CAD Files
Cybercriminals can do just as much damage deleting users’ data as stealing it because file deletion can result in both data or monetary loss. One example would be CryptoLocker, which became notorious for combining the two—demanding money with the threat of data destruction. We recently came across a malware, detected as VBS_SOYSOS, that deletes important image files […]

LG decides its TVs *don’t* steal personal information – “viewing info” isn’t personal
The story of LG’s “data stealing” TVs continues to twist and turn, with LG now on its third version of what happened, and why. LG is sorry for the confusion caused by reports of problems, but not for the problems themselves – in fact, it doesn’t seem to think they’re a problem at all… Incoming […]

The Story of Clip:rect – A Black Hat SEO Trick
We regularly write about Black Hat SEO hacks here. Such hacks help hackers monetize their access to compromised sites by incorporating them into massive schemes that try to manipulate search engine results for queries that potential clients may be interested in. Think of gray areas like: payday loans, pharmaceuticals, counterfeit drugs and luxury goods. As […]

More information
- Commoditization vs. Specialization
- New Yorker Indicted for Stealing Card Data via SQL Injection Attacks
- BOOK GIVEAWAY: The Practice of Network Security Monitoring
- How Anthem Shared Key Markers Of Its Cyberattack
- Adobe patches critical vulnerability in ColdFusion application server
- ‘Digital Gangsters’: UK Wants Tougher Rules for Facebook
- Microsoft tells judge: Hold us in contempt of court, we’re NOT giving user emails to US govt
- Petya Ransomware is Here, And It’s Taking Cues from WannaCry
- Hands on with Surface 2 and Surface Pro 2: Second verse, same as the first
- Canadian Heartbleed hacker arrested, charged in connection to malicious bug exploit