Targeted attacks, mobile vulnerabilities on the rise
The findings of the latest “Internet Security Threat Report” from Symantec can be summed up as: “Attacks are rising, but the number of new vulnerabilities is decreasing.” This describes the threat landscape in 2011 in which hackers continued to exploit…
MasterCard, Visa confirm credit card data theft described as ‘massive’
Just when we thought the big credit card data breaches were over, atleast for a while (with Alberto Gonzalez put away after his scams at TJX, Heartland Payments and others) – along comes a new one reported today in www.Krebsonsecurity.com….
Critical Java hole being exploited on a large scale
Criminals are increasingly exploiting a critical hole in the Java Runtime Environment to infect computers with malicious code when users visit a specially crafted Web page. According to a security blogger, the reason for this increased activity is that the…
First time Office documents for MacOS are vulnerable.
New exploit uses old Office vulnerability for OS X malware delivery. Some malware groups have recently been found to be taking advantage of an old, patched vulnerability in Microsoft Office for OS X in an attempt to spread command-and-control malware…
Malware to increasingly abuse DNS
Security researchers have looked at ways to abuse the domain-name service (DNS) for years. Now, some researchers are warning the protocol may increasingly be used to help criminals communicate with compromised systems. At the RSA Conference in February, a senior…
Facebook scammers host Trojan horse extensions on Chrome Web Store.
Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and using them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow…
Flash-based rogue AV targets users
In a recently discovered spam e-mail campaign promoting fake AV, the links in the messages take users to one of more than 300 compromised domains. Once users lands on the page, a JavaScript message warning about a “critical process activity”…
Hackers Turn Credit Report Websites Against Consumers.
The most important tool consumers have to fight against ID theft has been turned against them by hackers, msnbc.com has learned. Websites that offer consumers a chance to see their credit reports are being brazenly used by hackers to steal…
Microsoft closes critical RDP hole in Windows.
Microsoft released six security bulletins to close seven holes. It said one of the bulletins (MS12-020), rated as critical, addresses two privately reported vulnerabilities in its implementation of the Remote Desktop Protocol (RDP). The first is a “critical-class” issue in…
Malicious proxies may become standard fare
A number of security-as-a-service applications — from Postini to OpenDNS to Zscaler — reroute domain-name system (DNS) requests through centralized servers or proxies to detect security threats and sanitize traffic before it reaches the client network. Yet proxies are not…