Thumb drives can be reprogrammed to infect computers #malware

Most USB devices have a fundamental security weakness that can be exploited to infect computers with malware in a way that cannot easily be prevented or detected, security researchers found.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1xH4byK

Attackers exploit remote access tools to compromise retail systems #malware

Malicious hackers are using remote access tools to break into retail point-of-sale systems and plant malware on them, the Department of Homeland Security warned.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1qNXAou

Security Manager's Journal: A ransomware flop, thanks to security awareness #malware

Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1oPXqtT

Popular Internet-of-Things devices aren't secure #malware

A security audit of 10 popular Internet-connected devices -- components of the so-called "Internet of things" -- identified an alarmingly high number of vulnerabilities.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1oMtGOt

Many antivirus products are riddled with security flaws #malware

It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1xA3EPa

Zero-day flaws found in Symantec's Endpoint Protection #malware

Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1ts8bW7

Using Instagram on public Wi-Fi risks account hijack #malware

A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1zpXkwk

Attackers install DDoS bots on Amazon cloud, exploit Elasticsearch weakness #malware

Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.



from Computerworld Malware and Vulnerabilities News http://ift.tt/UG7Lwc

Attackers install DDoS bots on Amazon cloud, exploiting Elasticsearch weakness #malware

Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1mUYFT9

Until the Tails privacy tool is patched, here's how to stay safe #malware

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1zlyqxY

More Malware and Vulnerabilities News #malware

View more Malware and Vulnerabilities news and analysis from Computerworld.com



from Computerworld Malware and Vulnerabilities News http://ift.tt/1fi9Ukh

Russian gov't is willing to pay for a way to ID Tor users #malware

The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around $111,000, for a method to identify users on the Tor network.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1xck3ZU

11 signs you've been hacked -- and how to fight back #malware

Redirected Net searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned



from Computerworld Malware and Vulnerabilities News http://ift.tt/1omUHI3

Bugcrowd guide aims to smooth the way for reporting software flaws #malware

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1pjmdm5

Thousands of sites compromised by WordPress plug-in flaw #malware

A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1tGhkrp

Firm says vulnerability in Tails contained in I2P component #malware

A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1pd0k8a

File-encrypting Android ransomware 'Simplocker' targets English-speaking users #malware

A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1paRHeg

SQL injection flaw opens door for Wall Street Journal database hack #malware

A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.



from Computerworld Malware and Vulnerabilities News http://ift.tt/WCGXOQ

Tor Project working to fix weakness that can unmask users #malware

Developers of Tor software believe they've identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1nb8Urk

EFF releases Chrome, Firefox plugin to block third-party tracking #malware

The Electronic Frontier Foundation, a digital privacy rights group, has released a downloadable plugin for Chrome and Firefox designed to stop third parties from tracking people's Web browsing.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1p39fZE

Open Wireless Router project aims for better router security, network performance #malware

Advocacy group the Electronic Frontier Foundation wants to address the poor security track record of home routers with a new firmware project that will encourage users to share their Internet connection publicly by setting up guest Wi-Fi networks.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1o1CvUj

Stealthy ransomware 'Critroni' uses Tor, could replace Cryptolocker #malware

Cybercriminals are spreading a new file-encrypting ransomware program that's more powerful and resilient than Cryptolocker, a threat recently shut down by the U.S. Department of Justice.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1yQO8AZ

Home router security to be tested in Defcon contest #malware

Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1nUEJ7M

Home router security to be tested in upcoming hacking contest #malware

Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1moxjEH

Aloha point-of-sale terminal, sold on eBay, yields security surprises #malware

Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal -- a brand of computerized cash register widely used in the hospitality industry -- on eBay for $200.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1wDGsiq

Emergency vBulletin patch fixes SQL injection vulnerability #malware

Developers of the popular vBulletin Internet forum software have issued emergency patches Wednesday in order to fix a SQL injection vulnerability that could allow attackers to read and manipulate information stored in the databases of vBulletin-based sites.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1zMQL85

Flaw exposes some Cisco home wireless devices to hacking #malware

Nine of Cisco's home and small office cable modems with router and wireless access point functionality need software updates to fix a critical vulnerability that could allow remote attackers to completely compromise them.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1mkrQ1I

Almost a million fake apps are targeting your phone #malware

Fake apps dressed up to look like official ones but actually designed to steal user data are increasingly targeting Android phone users, according to a study by Trend Micro.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1rhBR7D

Kenneth van Wyk: We can't just blame users #malware

Yes, users sometimes do stupid things. Some always will. But developers need to do more to save users from themselves.



from Computerworld Malware and Vulnerabilities News http://ift.tt/WafUdt

Google sets up a cybercrime-busting task force -- Project Zero #malware

Google has set up an internal task force that will work to expose the activities and techniques of malicious Internet wrongdoers, aiming to cut down on the number of targeted cyberattacks.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1jMUyxO

Google sets up ca ybercrime-busting task force -- Project Zero #malware

Google has set up an internal task force that will work to expose the activities and techniques of malicious Internet wrongdoers, aiming to cut down on the number of targeted cyberattacks.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1zFMeo1

Feds declare big win over Cryptolocker ransomware #malware

A status update filed in Pennsylvania by the U.S. Department of Justice said that both the Gameover Zeus botnet and Cryptolocker 'remained neutralized.'



from Computerworld Malware and Vulnerabilities News http://ift.tt/1n6zPFC

New banking malware 'Kronos' advertised on underground forums #malware

A new Trojan program designed to steal log-in credentials and other financial information from online banking websites is being advertised to cybercriminal groups on the underground market.



from Computerworld Malware and Vulnerabilities News http://ift.tt/U54rdA

Future Java 7 patches will work on Windows XP despite end of official support #malware

Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1qYmcs7

How to sign up for Microsoft's restored security alert email service #malware

Microsoft has restored service to its security advisory mailing list, but it has buried the sign-up form and made it hard to find.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1qYmfnJ

LastPass discloses now-fixed flaws ahead of security conference #malware

Popular password manager LastPass said it fixed two vulnerabilities that were found last year. The disclosure comes just ahead of a security conference where a research paper describing the problems is due to be presented.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1sdWKkm

Oracle to release 115 security patches #malware

Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications.



from Computerworld Malware and Vulnerabilities News http://ift.tt/VUwCNY

The Gameover Trojan program is back #malware

Cybercriminals are trying to create a new botnet based on what is likely a modification of Gameover Zeus, a sophisticated Trojan program whose command-and-control infrastructure was taken over by law enforcement agencies at the beginning of June.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1mobOIL

Source code for tiny 'Tinba' banking malware leaked #malware

The source code for an impressively small but capable malware program that targets online bank accounts has been leaked, according to CSIS Security Group of Denmark.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1mFUUop

Gmail users on iOS at risk of data theft #malware

Apple users accessing Gmail on mobile devices could be at risk of having their data intercepted, a mobile security company said Thursday.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1y2RyjI

International police operation disrupts Shylock banking Trojan #malware

Police from eight countries together with several private security companies disrupted the online infrastructure used by cybercriminals to control computers infected with a malware program called Shylock.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1onGUgk

Botnet aims brute-force attacks at point-of-sale systems #malware

Thousands of compromised computers are actively trying to break into point-of-sale (POS) systems using brute-force techniques to guess remote administration credentials.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1mzFn9T

Facebook kills Lecpetex botnet, which hit 250K computers #malware

from Computerworld Malware and Vulnerabilities News http://ift.tt/1rRF1yU

Facebook kills 'Lecpetex' botnet, which hit 250,000 computers #malware

from Computerworld Malware and Vulnerabilities News http://ift.tt/1qIrTdq

Patch alert: Update browsers' Flash ASAP to block log-on theft #malware

While Google's Chrome and Microsoft's IE10 and IE11 browsers will automatically update to the latest version of Adobe Flash, anyone using Safari, Firefox, Opera or older versions of IE must do so manually.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1lRZ5cm

Android bug lets apps make rogue phone calls #malware

A vulnerability present in most Android devices allows apps to initiate unauthorized phone calls, disrupt ongoing calls and execute special codes that can trigger other rogue actions.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1xGMa5p

Attack on Dailymotion redirected visitors to exploits #malware

Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1qI7CGC

Ruby on Rails patches tackle SQL injection vulnerabilities #malware

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by some high-profile websites.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1mfrhtZ

Microsoft slates critical IE, Windows patches for Tuesday #malware

Microsoft pans to ship six security updates to customers next week, patching all versions of Internet Explorer and nearly all supported editions of Windows.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1vCwBc6

Cisco patches communications manager to close backdoor access vulnerability #malware

An unprotected SSH access key left inside the Cisco Unified Communications Domain Manager product for remote support purposes allows attackers to take complete control of affected deployments.



from Computerworld Malware and Vulnerabilities News http://ift.tt/1jMLJhQ