New Java security hole affects desktops and servers

Adam Gowdiak, who has made a name for himself by finding flaws in Java, has reported a new vulnerability. Security issue 61, according to Gowdiak’s tally, affects current versions of Java SE 7, including the very latest release version 1.7.0_21-b11. The hole is once again present in the Reflection API and allows attackers to completely bypass…

Read More

April 23, 2013 | by

Facebook closes cross-site scripting holes

Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security’s CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its “Check in” and Messenger for Windows components. In…

Read More

April 21, 2013 | by

LulzSec Hacker Gets A Year For Sony Hack

A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment’s computer systems. Cody Kretsinger, 25, from Decatur, Illinois – better known to his fellow LulzSec cohorts as “Recursion” – was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from…

Read More

April 20, 2013 | by

Boston Marathon Bombing Links May Hide Java-Based Exploits

PCMag: My social media accounts and email inbox are full of links to stories about the horrific incident in Boston earlier this week. I am reading about the victims, the bystanders and first responders that rushed to help, and looking for updates on the investigation. It turns out I should be careful about what links…

Read More

April 17, 2013 | by

Microsoft to plug holes in Windows Defender in Patch Tuesday

Microsoft’s Patch Tuesday on 9 April will be an important spring cleaning day; the company plans to implement nine security bulletins. One of the bulletins deals with vulnerabilities in Windows Defender for Windows 8 and RT; the hole is rated as important and can be exploited to achieve elevated privileges. The headline bulletins will be…

Read More

April 5, 2013 | by

Russian malware spies on US ATMs

Security firm Group-IB has identified a malware program called Dump Memory Grabber that can take debit and credit card data from point-of-sale (POS) terminals and ATMs. The researchers say that the program has already been used to steal data from clients of US banks including Chase, Capital One, Citibank, and Union Bank N.A. as well…

Read More

March 31, 2013 | by

Backdoor Uses Evernote as Command-and-Control Server

With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks. We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. The malware attempts to connect to Evernote via https://evernote.com/intl/zh-cn, which…

Read More

March 29, 2013 | by

Turkish FlashPlayer? no! It’s malware

I recently came across the file “FlashPlayer.exe” during the course of regular research. The file had been distributed with the file name FlashPlayer.exe and not surprisingly, when executed, it shows the following GUI, partly written in Turkish: Obviously, it’s disguised as an Adobe Flash Player 11 installer. Here is more info about the file: File…

Read More

March 28, 2013 | by

IRS uncorks Dirty Dozen Tax Scams for 2013

The Internal Revenue Service today reminded taxpayers that there are plenty of scam artists and cybercriminals that want your money. The tax collection agency issued its “Dirty Dozen” list of tax scams that it says peak at this time of year and include: Identity theft Tax fraud through the use of identity theft tops this…

Read More

March 26, 2013 | by