Malware & Vulnerabilities

Malware & vulnerabilities news, trends, analysis and practical advice

Detekt detects government surveillance malware

'Less' is more to malware authors targeting Linux users

Using the "less" Linux command to view the contents of files downloaded from the Internet is a dangerous operation that can lead to remote code execution.

Regin: 'sophisticated' malware, perhaps since 2003, spies on ISPs, telcos, Russians, Saudis

Symantec blows the whistle on 'advanced' Regin malware, stops short of blaming the perp, but the spotlight seems to be falling on the NSA and UK's GCHQ. In IT Blogwatch, bloggers open all five eyes, wide.

Traces of Regin malware may date back to 2006

Malware that Symantec says was probably developed by a nation state may have been used for as long as eight years, a length of time that underscores the challenges the security industry faces in detecting advanced spying tools.

Symantec IDs sophisticated 'Regin' malware

Symantec researchers have come across a particularly sophisticated piece of malware, called "Regin", that was likely developed by a nation state and has been used for spying for more than six years.

Why is Microsoft updating Windows PCs for a security bug on the server?

When Microsoft released a critical update for Windows Server this month, it also pushed out a fix for several versions of the Windows OS -- even the technical preview for Windows 10.

New tools offer practical help to block official spies

Online civil-rights groups and IBM accidentally struck a blow for individual freedom simultaneously with tools that limit covert surveillance from both hackers and governments.

Critical XSS flaws patched in WordPress and popular plug-in

New security updates for the WordPress content management system and one of its popular plug-ins fix cross-site scripting vulnerabilities that could allow attackers to take control of sites.

Russians easily 'hack' webcams, like others have for YEARS

Webcam hacking is in the news -- and it's bad stuff. But... haven't people been circumventing webcam security using default passwords for years now? How, too, could anyone forget recent news about the NSA hacking webcams?

Attackers use Citadel malware to target password management apps

Attackers are using the Citadel Trojan program to steal master passwords for password management applications and other authentication programs.

Android botnet could pose threat to corporate networks

An Android Trojan program that's behind one of the longest running multipurpose mobile botnets has been updated to become stealthier and more resilient.

Microsoft releases emergency patch to stymie Windows Server attacks

Microsoft today released an "out-of-band" security update to patch a vulnerability in all versions of its Windows Server software.

Cyberespionage group tied to OnionDuke malware

A malware program distributed recently through a rogue server on the Tor network was also used in targeted attacks against European government agencies.

Suspected WireLurker malware creators arrested in China

Beijing police arrested three people suspected of developing the "WireLurker" malware that may have infected hundreds of thousands of Apple mobile devices.

Sonatype seeks to help developers reduce risk from open-source components

The Sonatype Component Lifecycle Management 2.0 tracks vulnerable third-party components used in software.

NOAA confirms cyberattack on four weather sites

Four websites run by the U.S. National Oceanic and Atmospheric Administration have been compromised in recent weeks.

Microsoft fixes critical crypto flaw, strengthens encryption for older systems

Microsoft fixed a critical vulnerability in the Windows cryptographic library that could expose Windows servers to remote attacks.

Adobe fixes 18 vulnerabilities in Flash Player

Adobe Systems released critical security updates for Flash Player to address 18 vulnerabilities, many of which can be remotely exploited to compromise underlying systems.

33 bugs fixed in GIANT Patch Tuesday catch (one is from 1995)

Microsoft's trustworthy computing team has been working overtime this month: 14 patches, four are 'critical'. Among the flaws is the 'ancient' MS14-066, which affects every single supported version of Windows (and several older ones)....
