Dell SecureWorks has connected malware used in the RSA SecureID breach to attack campaigns going back several years that have targeted companies in countries around the globe. Using a Remote Access Trojan (RAT) known as “Comfoo,” the attackers have been traced to at least 64 campaigns, according to Joe Stewart, director of malware research at […]
Security experts at BlackBerry and Mozilla have teamed up to develop a testing tool aimed at discovering and fixing software vulnerabilities in Web browsers. The two companies are working together to develop “Peach,” a free testing tool, to improve Web browsers security. Peach was created by Michael Eddington of Déjà vu Security in 2004 and […]
A Texas man and his company has been charged by the U.S. Securities and Exchange Commission (SEC) for defrauding investors in a Ponzi scheme involving bitcoins, a virtual currency used online. Federal investigators said this was the first Ponzi scheme they have uncovered that involves bitcoins, but as in all Ponzi schemes the accused promised […]
Numbers never lie—except when they are used to draw false conclusions. And if those false conclusions are part of an IT security strategy, then nothing good can happen. Just ask Brian Martin and Steve Christey, members of the CVE (Common Vulnerabilities and Exposures) Editorial Board, who at the upcoming Black Hat USA conference (July 27 […]
Getting the most out of mountains of log data can be trying to say the least. In a conference where many are focused on defeating security, independent researcher Alexandre Pinto wants to find ways to make defending enterprise networks both smarter and easier. At the upcoming Black Hat conference in Las Vegas, Pinto plans to […]
Microsoft and Adobe Systems released a series of critical security updates for their customers to close down security holes before hackers sneak in. As part of Patch Tuesday, Microsoft issued patches for 34 vulnerabilities across its product lines. Six of the seven bulletins this month are rated “Critical,” while the remaining bulletin is considered “Important.” […]
Microsoft is planning to patch several critical vulnerabilities next week for Patch Tuesday, including a Windows vulnerability that recently sparked a debate regarding responsible disclosure. All totaled, the company will be releasing seven security bulletins July 9, including six that are rated “critical” and affect Internet Explorer, Windows, the .NET Framework, Silverlight and GDI+. “IT […]
Facebook has fixed a vulnerability that a U.K. security researcher discovered could have been used to hijack user accounts via Facebook’s Mobile Texts feature. The researcher, who goes by the nickname ‘fin1te,’ was rewarded with $20,000 via Facebook’s bug bounty program for finding the flaw and reporting it to social network last month. “Facebook gives […]
Browser vendor Opera Software disclosed June 26 that its network had been successfully attacked, enabling hackers to gain access to an expired Opera code-signing certificate. The certificate has been used to sign malware, according to Opera, which added that user data was not affected in the attack. “On June 19th we uncovered, halted and contained […]
Google has added statistics about malware and phishing attacks to the company’s Transparency Report as a means of educating users about threats on the Web. “Two of the biggest threats online are malicious software (known as malware) that can take control of your computer, and phishing scams that try to trick you into sharing passwords […]