INSTA-LEADS: Our Full-Service B2B Marketing Program Delivers Sales-Ready Leads Click to Learn More!
Welcome Guest | Sign In
ECommerceTimes.com
CyberSource Peak Season Fraud Management Guide
NotCompatible Mobile Malware Gets Badder
November 21, 2014
A new version of the NotCompatible malware, which first appeared in 2012, is bigger, badder and pretty much indestructible, Lookout Security reported. And it can compromise corporate networks, thanks to the BYOD trend. The malware, called "NotCompatible C," focuses on Android devices. The NotCompatible Trojan is used to spread spam campaigns, among other nefarious activities.
Citadel Trojan Adds Keylogging to Arsenal
November 21, 2014
Cybercriminals are using a new version of the dangerous Citadel Trojan, which has been employed to attack the financial and petrochemical industries, to compromise password and authentication solutions, IBM Trusteer has reported. The new version begins capturing keystrokes, or keylogging, when some processes are running. It was discovered on a server that already had been infected.
China Suspected in Attacks on USPS, NOAA
November 19, 2014
The U.S. Postal Service and National Oceanic and Atmospheric Administration last week confirmed that their computer systems were targeted in months-long cyberattacks that appear to have originated in China. The attack on USPS compromised information of an estimated 800,000 employees. Data at risk includes names, date of birth, Social Security numbers, addresses and dates of employment.
Researchers Shine Spotlight on OS X/iOS Masque Attack
November 12, 2014
Researchers at FireEye on Monday made public the existence of the Masque Attack, which threatens iOS and Mac OS X operating systems. Masque Attack exploits a flaw in Apple's OSes that allows the replacement of one app by another so long as both apps use the same bundle identifier. All apps, except those preinstalled on iOS, such as Mobile Safari, can be replaced.
USPS Employees, Retirees, Customers Exposed in Hack Attack
November 11, 2014
Hackers siphoned off data from United States Postal Service servers for more than eight months before being detected, the USPS said. The personal data -- including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information -- of more than 800,000 employees and some retirees has been exposed.
Apple-Pestering WireLurker Banished for Now
November 07, 2014
Palo Alto Networks on Wednesday reported that more than 400 apps infected with a malicious program it calls "WireLurker" have been downloaded 356,104 times by Chinese Mac owners from Maiyadi, an online app store unaffiliated with Apple. The malware does no harm to the Macs it infects but when the computer connects via USB to an iOS device -- an iPhone or iPad -- it delivers its malicious payload.
Russian Cyberspies Caught With Mittens in Cyber Cookie Jar
November 06, 2014
Russian cyberspies -- unlike their Chinese counterparts -- have a reputation for stealth, so it's unusual when two digital espionage operations linked to the Kremlin come to light in a week. FireEye early last week released a report detailing how hackers working for the Russian government have been using sophisticated techniques over a seven-year period to penetrate computer systems.
The Long and Winding Road to Shellshock Recovery
October 29, 2014
Four days after Shellshock was disclosed, Incapsula's Web application firewall deflected more than 217,000 attempted exploits on more than 4,100 domains. The company recorded upwards of 1,970 attacks per hour, from more than 890 IPs around the world. Shellshock was expected to be far worse than the Heartbleed flaw, which was expected to impact about 17 percent of the secure Web servers worldwide.
Mobile Malware Takes Victims by Surprise
October 28, 2014
Malware writers behind Koler, a bad app that attacks Android devices, have upped their game with a new variant of the pernicious program. In its original version, Koler hijacked phones it landed on and wouldn't set them free until a ransom was paid. This latest strain of the malapp also does the ransomware thing, but it takes its malignancy a step further.
Staples May Be Next to Wear Data Breach Scarlet Letter
October 21, 2014
Yet another major retailer -- this time, office supply chain Staples -- reportedly has fallen victim to a data breach. More than half a dozen banks operating on the East Coast have seen fraudulent charges made at non-Staples businesses, such as supermarkets and other big-box retailers, by people using Staples cards. Those cards apparently were used previously at three Staples stores in the area.
Microsoft Patch Blocks Sandworm Tunnels
October 17, 2014
iSight Partners this week revealed that a cybergang it dubbed "Sandworm" has been exploiting a zero-day vulnerability that impacts all supported versions of Microsoft Windows, including Windows Server 2008 and 2012. The announcement was held off until Microsoft issued its patch earlier this week. If exploited, the flaw will let attackers remotely execute code on target systems.
Kaspersky Probes ATM Malware Mystery
October 10, 2014
Kaspersky Lab this week reported that criminals have been emptying ATMs and infecting them with malware dubbed "Tyupkin." About 50 machines have been infected in eastern Europe, and the attacks have spread to the United States, India and China, based on statistics culled from VirusTotal, Kaspersky said. The attackers target ATMs running Windows 32-bit operating systems.
Phishers Find Apple Most Tasty Target
October 07, 2014
"Follow the money" isn't just the war cry of journalistic bloodhounds hot on the trail of political corruption. It's the mantra of Web predators, too. That's why PayPal consistently has been the top brand targeted by phishers -- although that appears to have changed. Apple now has the dubious distinction of most-phished brand, according to the latest report from the Anti-Phishing Work Group.
EFF Raises Alarm Over ComputerCOP's Spying Ways
October 02, 2014
ComputerCOP software, a parental monitoring application that long has been recommended and distributed by law enforcement agencies, is little more than spyware with significant potential for abuse, the EFF reported Wednesday. The software includes a keylogger that could expose a family's personal information by transmitting what's typed to third-party servers without encryption, the EFF said.
Banks, Businesses Scramble to Smash Bash Shellshock Bug
September 29, 2014
Banks and businesses toiled over the weekend to crush a bug in a widely used open source operating system. The flaw has been in Unix for some 25 years, but it was revealed just last week. If exploited, the vulnerability could be used to inject malicious code or take command of a system or device. Dubbed "Shellshock," it requires patching systems and devices running Apple's OS X, Linux and Unix.
Bash Shellshock Bug Patched but Not Pummeled
September 25, 2014
Researchers on Thursday discovered proof-of-concept code that could take advantage of unpatched computer systems, and found evidence of attacks exploiting the BASH Shellshock bug in the wild. Shellshock, which came to light on Wednesday, could become a major threat to Linux/Unix and Apple operating systems if published patches to BASH are not applied before an attacker cashes in.
Banking Trojan Targets Petrochemical Outfits
September 23, 2014
The pernicious program Citadel has been around for awhile, but it's using some new tricks on new targets. From its humble origins as a "man in the browser" thief of banking credentials, Citadel has become a knave of all trades. Once it lands on a computer, it can be configured in a number of ways with a file from a server operated by Web predators.
Phishing Scam Ensnares eBay Shoppers
September 23, 2014
Attackers for months have been using eBay listings to redirect visitors to password-harvesting scam sites. They use cross-site scripting to hijack shoppers and trick them into handing over personal data. Smartphones, televisions, hot tubs and clothing are among the items supposedly for sale in listings infected with malicious Javascript code. eBay reportedly has been slow to address the issue.
Home Depot Gives 56 Million Customers a Heads Up
September 19, 2014
Home Depot on Thursday said it had excised the malware demon from its computerized payment system after its recent discovery of a security breach in which thieves stole records of 56 million credit cards. Home Depot stopped short of admitting that an ongoing security upgrade may have contributed to the breach. Efforts to harden the system with enhanced encryption are under way.
Web-Surfing Adults More Infection-Prone Than Teens
September 16, 2014
American teens spend a lot more time online than older Web surfers, yet it doesn't seem to increase their vulnerability to malicious activity. Teens last year spent a little more than four hours a day on the Net, while adults in the 50-to-64 age bracket burned two hours, 41 minutes online daily, MarketingCharts found. Those numbers piqued the interest of Enigma Software.
XSS Flaw Burns a Hole in Kindle Security
September 16, 2014
Security consultant Benjamin Mussler last week warned that the Kindle e-book library had a cross-site scripting vulnerability. It appears Amazon previously had fixed the XSS flaw but two months ago reintroduced it in a new version of the "Manage Your Kindle" Web application, according to Mussler. People who download pirated e-books are at greatest risk, he said.
Salesforce Issues Dyre Warning
September 10, 2014
Salesforce.com this week notified its customers that the Dyre malware, which typically targets customers of large financial institutions, might have been tweaked to target some Salesforce users as well. There was no evidence that any Salesforce customers had been impacted, the company said, but if any customer should be affected, it would provide guidance.
Botnet Twists the Knife in iCloud Security
September 10, 2014
Hot on the heels of hackers stealing celebrities' nude photos from their iCloud accounts and posting them on the Web comes news that iCloud users are being targeted again. The Kelihos botnet is sending emails purporting to be from Apple, informing targets they have purchased a film through their iTunes account using a PC or other device not previously linked to their Apple ID.
Home Depot All But Confirms Doozy of a Data Breach
September 03, 2014
Home Depot may have experienced a massive security breach -- possibly on a greater scale than last year's Target breach, which affected an estimated 110 million people. Home Depot said it was investigating the possibility, following security researcher Brian Krebs' Tuesday alert. It appears the perpetrators are the same hackers responsible for the data breaches at Target and elsewhere.

See More Articles in Malware Section >>
Facebook Twitter LinkedIn Google+ RSS