Malware

SSCC 138 - Patching, zero-days, XP, APTs and CryptoLocker [PODCAST]

Join the dynamic duo for another entertaining quarter-hour on security.

There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about CryptoLocker.

Can we test protection against targeted attacks?

In my day job as a tester of anti-malware solutions, I often get asked the same question: how do I plan to test against Advanced Persistent Threats, aka APTs? These threats are very different from your everyday malware, and testing protection against them turns out to be a very different kind of task.

On the trail of Advanced Persistent Threats...

SophosLabs expert Gabor Szappanos has written a highly-recommended report entitled "Advanced Persistent Threats - the new normal?"

Szappi explains how exploits once seen only in APTs are appearing ever more widely in money-making malware, and why that puts us all at ever greater risk.

AnonGhost hackers deface a fake bank site

"We are watching you / Don't close your eyes," they wrote on the site, which conceivably might have been scary if they'd actually managed to hack their (presumably) intended target, Yorkshire Bank.

Final countdown, CryptoLocker payout and Full Disk Encryption - 60 Sec Security [VIDEO]

XP is counting down - are you ready? Would you pay the CryptoLocker crooks? And should you use Full Disk Encryption?

Find out in just a minute...watch 60 Sec Security for 08 March 2014!

1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

An annual survey on computer security issues run by a UK university was published last week. Its stats on the prevalence of ransomware, and how many people give in to the crooks and pay the ransom, raised some eyebrows.

Smucker's online store gets stuck in thieves' web

The US jam and jelly maker is just the latest fly to get stuck in the same web that ensnared dozens of companies last year, including some of the world's largest data brokers and at least one credit card processor.

SSCC 137 - Apple, rootkits, hacking and data breach laws [PODCAST]

What about support for OS X Lion and Mountain Lion? Can a rootkit be a blessing in disguise? Will federal US data breach laws make things better or worse?

Chester and Duck once again aim their entertaining expertise at the security news of the week...

Man guilty of "fixing" women's computers to spy on them via webcam

UK man "fixes" women's computers to spy on them via webcam

A 30-year-old London man has been found guilty of fiddling with three women's computers so he could spy on them through their webcams.

Our brains work hard to spot phishing scams, but still often fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

Notorious "Gameover" malware gets itself a kernel-mode rootkit...

The Gameover botnet gang has been trying new techniques lately: most recently comes the introduction of a kernel-mode rootkit called Necurs, making the malware harder to find and remove.

Senior Researcher James Wyke of SophosLabs investigates...

How emails can be used to track your location and how to stop it

Chrome extension 'Streak' betrays what time you open mail and your location

A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.

Are you safe against mobile threats? Check out our tips for keeping the crooks away...

Do you use a mobile device? (Of course you do!)

Read Sophos researcher Vanja Svajcer's paper, "Mobile Security Threat Report," and check out our expert tips for keeping the crooks away...

South Korea concocting Stuxnet-like virus to infect enemies

Let's hope that somebody in South Korea remembers that malware doesn't respect borders. Stuxnet escaped from its original cage to bite a whole bunch of countries not originally on the hit list, plus it spawned its nasty son, Duqu.

Flash patched, Forbes hacked and Korea reacts - 60 Sec Security [VIDEO]

Another Flash emergency already? More SEA hacking? Why have the password "changeme" if you don't? How big a fine for a 20,000,000 record breach?

It'll only take you a minute to find out!

Adobe pushes out critical Flash update - the second zero-day hole of the month

Adobe has just updated its Flash product for the second time this month, pushing out an emergency patch for an attack that has been seen in the wild.

Get into RSA 2014 for free – and don't forget to stop by and say "Hello" to Sophos!

It's nearly time for the annual RSA conference in San Francisco.

If you'll be in the area, why not grab a free Expo pass and drop by to say "Hello"?

Nursing home data exposed on file-sharing site

Researchers have found a trove of information on a file-sharing site that could allow attackers to breach electronic medical records and payment information from healthcare providers such as nursing homes, doctors' offices and hospitals.

SSCC 135 - Flappy Bird frenzy, Talking Angela talkfest, NBC hype, Kickstarter and Forbes [PODCAST]

What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Why we need to rethink how we view security

When we look at some of the biggest security headlines of the past year - Target data breach, Cryptolocker ransomware, Snowden/NSA leaks - there's one big lesson we can all be taught: secure everywhere.