Malware - Infoworld en Mysterious malware steals Apple credentials from jailbroken iOS devices <p>A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.</p> <p>The threat was discovered after some users <a href="" target="_blank">reported on Reddit</a> that they experienced crashes in some applications as a result of a mysterious MobileSubstrate add-on called Unflod.</p> Mobile Technology Security Anti-spyware iOS iPad iPhone Jailbreak Apps Mobile Security Malware Tue, 22 Apr 2014 12:33:26 +0000 admin 240954 at Michaels security breach affected nearly 3 million payment cards <p>About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.</p> <p>Michaels said it had found evidence confirming that its systems and those of Aaron were attacked using sophisticated malware that had not been encountered previously by either of the security firms it had retained to investigate a suspected breach. It did not provide details of the malware.</p> Security Data Security Intrusion Detection Malware Fri, 18 Apr 2014 11:56:15 +0000 admin 240802 at Google patches Android icon permissions attack <p>Google has issued a patch for an attack that could lead an Android user to a phishing site, according to security vendor FireEye. FireEye recently spotted an malicious Android application that could modify the icons of other applications so that when they're launched, they send victims to a phishing website.</p> <p>The malware is abusing a set of permissions known as "" and ""</p> Mobile Technology Security Google Android Mobile Security Malware Patch Management Phishing Tue, 15 Apr 2014 11:39:01 +0000 admin 240495 at Stung by file-encrypting malware, researchers fight back <p>Jose Vildoza's 62-year-old father was using his old Windows computer when a warning in broken English flashed on the screen: your files have been encrypted.</p> <p>Vildoza's father, who speaks Spanish, didn't understand the warning, which demanded payment in order to decrypt the files. When Vildoza looked at it, he knew it was bad. And he became angry.</p> Security Cyber Crime Data Loss Prevention Encryption Endpoint Protection Malware Thu, 10 Apr 2014 11:54:58 +0000 admin 240226 at Update: Yahoo email anti-spoofing policy breaks mailing lists <p>In an attempt to block email spoofing attacks on addresses, Yahoo began imposing a stricter email validation policy that unfortunately breaks the usual workflow on legitimate mailing lists.</p> Security Yahoo Email Software Malware Security Management Security Tools Tue, 08 Apr 2014 14:05:15 +0000 admin 240068 at Microsoft to start blocking adware that lacks easy uninstall <p>Microsoft has toughened its criteria for classifying programs as adware and gave developers three months to conform with the new principles or risk having their programs blocked by the company's security products.</p> <p>The most important change in Microsoft's policy is that adware programs will be blocked by default starting July 1. In the past such programs were allowed to run until users chose one of the recommended actions offered by the company's security software.</p> Security Endpoint Protection Malware Fri, 04 Apr 2014 14:26:42 +0000 admin 239891 at Mistake in CryptoDefense ransomware leaves decryption key accessible <p>A malicious software program that encrypts a person's files until a ransom is paid has a crucial error: it leaves the decryption key on the victim's computer.</p> <p>Symantec analyzed a program called CryptoDefense, which appeared late last month. It's one of an extensive family of malware programs that scramble a person's files until a pricey ransom is paid, a long-running but still profitable scam.</p> Security Encryption Malware Tue, 01 Apr 2014 12:04:09 +0000 admin 239551 at Security vendor Trustwave named in Target data breach suit <p>Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to <a href="">Target's data breach</a>, one of the largest on record.</p> <p>Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which "failed to live up to its promises or to meet industry standards," alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.</p> Security Cyber Crime Data Security Intrusion Detection Malware Wed, 26 Mar 2014 11:45:46 +0000 admin 239119 at ATM malware, controlled by a text message, spews cash <p>A group of enterprising cyber criminals have figured out how to get cash from a certain type of ATM -- by text message.</p> <p>The latest development was spotted by security vendor Symantec, which has periodically written about a type of malicious software it calls "Ploutus" that first appeared in Mexico.</p> Security Cyber Crime Malware Tue, 25 Mar 2014 11:15:03 +0000 admin 239028 at A thin lifeline for XP users: New Malwarebytes suite will support the OS <p>As Malwarebytes announces its new Anti-Malware Premium suite Monday morning, it comes with a nice present for Windows XP users: lifetime support. &nbsp;Perhaps it isn't entirely surprising given that, according to the company, 20 percent of its user base remains on Windows XP. Microsoft is actually <a href="" target="_blank">extending malware support</a> well beyond the XPocalypse date of April 8, but knowing other companies have your back is a rare bright spot.</p> Microsoft Windows Security Windows XP Microsoft Windows Anti-virus Malware Mon, 24 Mar 2014 14:30:31 +0000 admin 238949 at Chemical and drug makers are the biggest malware magnets <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="" alt="Chemical and drug makers are the biggest malware magnets" width="243" height="182" align="right" /></div><p>How likely are you to run into Web malware? Depending on the industry you're working in, either not very -- or far more often than you ever imagined.</p> Security Cyber Crime Malware Mon, 24 Mar 2014 10:00:00 +0000 InfoWorld Tech Watch 238909 at Speedy attack targets Web servers with outdated Linux kernels <p>Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, Cisco Systems said on Thursday.</p> <p>All the affected servers were running the 2.6 version, first released in December 2003, of the Linux kernel, which is the core of the operating system. Most were running a 2.6 Linux kernel version released in 2007 or earlier, <a href="" target="_blank">wrote</a> Martin Lee, technical lead of Threat Intelligence for Cisco.</p> Open Source Software Security Linux Cyber Crime Malware Fri, 21 Mar 2014 11:44:01 +0000 admin 238853 at Bitcoin-stealing malware hidden in Mt. Gox data dump <p>An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who <a href="" target="_blank">compromised the blog of Mt. Gox CEO Mark Karpeles</a> also contains bitcoin-stealing malware for Windows and Mac.</p> <p>Security researchers from antivirus firm Kaspersky Lab analyzed the 620MB file called and concluded that in addition to various Mt. Gox-related documents and data, it contains malicious binary files.</p> Security E-commerce Cyber Crime Malware Mon, 17 Mar 2014 14:36:09 +0000 admin 238500 at NSA denies Facebook snooping as Zuckerberg lays into Obama <p>An article that accused the National Security Agency of impersonating Facebook to spy on U.S. citizens has triggered a denial from the NSA and a reprimand for the U.S. president from CEO Mark Zuckerberg.</p> Security Facebook Internet Privacy Malware Social Networking Government Fri, 14 Mar 2014 12:10:32 +0000 admin 238382 at Major companies, like Target, often fail to act on malware alerts <p>Companies that suffer major data breaches almost always portray themselves as victims of cutting edge attack techniques and tools. The reality, though, is often much more mundane.</p> <p>Case in point: Target, which last year was hit with a <a href="" target="_blank">major data breach</a> that exposed to hackers data on some 40 million credit and debit cards and personal data on another 70 million customers.</p> Security Malware Security Management Fri, 14 Mar 2014 11:15:41 +0000 admin 238402 at Android exploit eats up WhatsApp chat databases <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="" alt="Android exploit eats up WhatsApp chat databases" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p> Security Android Mobile Apps Encryption Hacking Malware Thu, 13 Mar 2014 10:00:00 +0000 InfoWorld Tech Watch 238265 at NSA's plans reportedly involve infecting millions of computers with surveillance malware <p>The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time.</p> Security The Industry Standard E-government Intrusion Detection Malware Security Tools Wed, 12 Mar 2014 21:14:58 +0000 admin 238275 at Microsoft Patch Tuesday rounds up IE flaws <p>For this month's "Patch Tuesday" round of bug fixes, Microsoft has focused on correcting multiple vulnerabilities in Internet Explorer (IE), including one that is already being used in targeted attacks.</p> Security Malware Patch Management Vulnerability Assessment Wed, 12 Mar 2014 12:20:39 +0000 admin 238197 at New crimeware tool Dendroid makes it easier to create Android malware <p>A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.</p> <p>The toolkit is called Dendroid and can be used to create "trojanized" apps -- legitimate applications with malicious code added to them -- that connect back to a command-and-control server over HTTP and allow attackers to perform a variety of malicious actions on devices that have those apps installed.</p> Mobile Technology Security Android Mobile Apps Mobile Security Internet Privacy Malware Thu, 06 Mar 2014 20:28:23 +0000 admin 237860 at Report: Half of all exploits target Java <p>Once upon a time, Microsoft was the favorite target of malware developers. As Microsoft improved the defenses in its software, though, cybercrooks moved on to easier pickings. Adobe was a prime target for a while, but Adobe followed Microsoft's lead and made its software more secure as well. According to data from the 2014 IBM X-Force Threat Intelligence Quarterly Report, the favorite target is now Java.</p> Application Development Security Java Programming Malware Thu, 06 Mar 2014 13:19:13 +0000 admin 237800 at