Security threats

(get it in RSS or Atom)

The SoHo router backdoor that was "fixed" by hiding it behind another backdoor

doors-250

How do you fix an "unauthenticated access" backdoor in your router firmware?

Why, you hide it behind another "unauthenticated access" backdoor, of course.

Two backdoors are obviously better than one!

Apple pushes out critical security fixes for OS X, iOS and Apple TV

apple-upd-250

You still can't tell when you're going to get your next update from Apple, but serious security fixes do seem to be coming more frequently these days.

Like the latest round of patches, closing a raft of hackable holes in OS X, iOS and Apple TV...

Google refunds Android users who bought fake Virus Shield app

Google refunds Android users who bought fake Virus Shield app

Earlier this month a fake Android anti-virus app, named Virus Shield, managed to fool thousands of customers into buying it. Now Google is offering full refunds to anyone who bought Virus Shield long after the usual 15-minute refund window, and is also issuing a $5 Play Store credit.

New iOS malware with a funky name: "Unflod Baby Panda"

panda-250

You may have heard mention, over the past few days, of some curiously-named new iOS malware.

You'll hear it called "Unflod", because of the name of the file in which it was found, as well as "Baby Panda."

Paul Ducklin goes on a Panda expedition...

Monday review - the hot 21 stories of the week

dow-250

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Heartbleed bust, Fingerprint fakery, WhatsApp privacy SNAFU - 60 Sec Security [VIDEO]

fb-60ss-250

What happens if you hack your local tax office? Can you trust the Samsung Galaxy S5's fingerprint security? Did WhatsApp finally get security right in its app?

Find out the answers in one entertaining minute of video - it's 60 Second Security!

Don't share your location with your friends on WhatsApp

wapp-loc-250

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

PCI DSS - What's new in v3.0?

PCI DSS - What's new in v3.0?

If the PCI DSS applies to your business you should also know that the document has been updated. With nearly 100 changes, the current version has incremented one full revision and stands at v3.0. We focus on some of the changes and their impact.

Heartbleed sees first arrest in wake of Canada Revenue Agency breach

Heartbleed sees first arrest in wake of Canada Revenue Agency hack

The arrest of Stephen Arthuro Solis-Reyes, who is alleged to have grabbed 900 Social Insurance Numbers from the Canadian tax authorities over a period of six hours, marks the first time that authorities have apprehended someone in relation to the "heartbleed" bug in OpenSSL.

The Dirty Dozen Spampionship: Who's who in the global spam-sending league?

spampionship-purp-250

It's once again time for our quarterly Spampionship charts.

We looked at the sending countries for all our spam in the first three months of 2014, and turned the figures into a League Table - the sort of league you *don't* want to win!

Phishing boom in China bucks global trends

Fish. Image courtesy of Shutterstock.

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]

sscc-thumb-250

From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.

Be entertained as you learn from the news, all in our regular quarter-hour podcast format.

Hardware maker LaCie admits to year-long credit card breach

Hardware maker LaCie admits to year-long credit card breach

The major hardware maker has admitted to a nearly year-long credit card breach - just the latest in a string of companies that have suffered Adobe ColdFusion vulnerabilities-related exploits.

Cyber extortionists swipe cosmetic surgery records, try to blackmail Harley Medical Group

Cosmetic surgery. Image courtesy of Shutterstock.

Cyber crooks may have broken into Harley Medical Group, a cosmetic surgery firm with 21 clinics in the UK, to filch the intimate details of about 480,000 potential patients and then try to extort money from the company.

No Heartbleed holes in Java, but here comes a sea of patches anyway

hb-no-250

Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Heartbleed jabs its first victims: UK parents' site Mumsnet, Canadian tax agency

Heartbleed jabs its first victims: UK parents' site Mumsnet, Canadian tax agency

Two high-profile organisations, the UK parenting site Mumsnet and the Canada Revenue Agency, are the first known victims of the Heartbleed OpenSSL vulnerability to experience data breaches.

Obama leaves loophole open for NSA to exploit zero-day vulnerabilities

Obama leaves loophole open for NSA to exploit zero-day vulnerabilities

No, the US White House didn't know about Heartbleed and didn't exploit the OpenSSL bug to snoop, it said, but it's reserving the prerogative to use zero-day exploits as a wedge to pry out intelligence if it serves national security interests.

Zeus malware - nine charged with conspiracy to steal millions of dollars

US charges 9 with stealing millions of dollars with Zeus malware

The US Department of Justice (DOJ) has charged nine individuals over their alleged involvement in a criminal organisation that stole millions of dollars from victims' bank accounts.

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

2014-04-12-thumb-250

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.