Malware

(get it in RSS or Atom)

SSCC 144 - iOS malware, fingerprint security, WhatsApp privacy, hacking the taxman [PODCAST]

sscc-144-thumb-250

How bad is the risk from iOS malware? What's the state of play in fingerprint security? Should you trust mobile apps? Is it wise to hack the taxman? What if Brian Krebs calls to warn you've been pwned?

Chet and Duck turn their wit and insight on the week's news...

New iOS malware with a funky name: "Unflod Baby Panda"

panda-250

You may have heard mention, over the past few days, of some curiously-named new iOS malware.

You'll hear it called "Unflod", because of the name of the file in which it was found, as well as "Baby Panda."

Paul Ducklin goes on a Panda expedition...

SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]

sscc-thumb-250

From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.

Be entertained as you learn from the news, all in our regular quarter-hour podcast format.

On the trail of Advanced Persistent Threats...

apt-article-250

SophosLabs expert Gabor Szappanos has written a highly-recommended report entitled "Advanced Persistent Threats - the new normal?"

Szappi explains how exploits once seen only in APTs are appearing ever more widely in money-making malware, and why that puts us all at ever greater risk.

Facebook survives, Apple patches, and Naked Security wins! 60 Sec Security [VIDEO]

2014-03-01-hoaxes-250

How harmless is that "Facebook shutting down on 29 February" hoax?

Is system reimaging really a security tool?

Find out this and more! 60 Sec Security - 01 Mar 2014

Notorious "Gameover" malware gets itself a kernel-mode rootkit...

gameover-250

The Gameover botnet gang has been trying new techniques lately: most recently comes the introduction of a kernel-mode rootkit called Necurs, making the malware harder to find and remove.

Senior Researcher James Wyke of SophosLabs investigates...

Are you safe against mobile threats? Check out our tips for keeping the crooks away...

mstr-250

Do you use a mobile device? (Of course you do!)

Read Sophos researcher Vanja Svajcer's paper, "Mobile Security Threat Report," and check out our expert tips for keeping the crooks away...

SSCC 135 - Flappy Bird frenzy, Talking Angela talkfest, NBC hype, Kickstarter and Forbes [PODCAST]

sscc-135-thumb-250

What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Patching XP, Flappy Bird malware, Tesco passwords leaked - 60 Sec Security [VIDEO]

2014-02-15-really-250

Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?

60 Sec Security - 15 Feb 2014

Flappy Bird really *is* dead - beware of infected fakes that promise to keep him alive!

flapp-icons-250

News about celebrities to do with births, deaths and marriages often prove to be handy hooks for cybercrooks.

So when the ultra-popular game Flappy Bird was withdrawn recently, the crooks wasted no time pretending to keep him alive...

The Spampionship, the PWN2OWN unicorn, and how Target was breached - 60 Sec Security [VIDEO]

2014-02-08-unicorn-250

Where do you find Extreme Spammers? Can you find the exploit unicorn? And how did Target get breached?

Find out in 60 Sec Security for 08 Feb 2014...

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

sscc-133-thumb-250

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

Android banking malware with a twist in the delivery

Here's an intriguing tale of an Android malware curveball spotted recently in SophosLabs.

You're expecting the pitch to come at you in a predictable direction, but a hidden twist in the action brings the onslaught from another angle altogether...

Craft store Michaels faces second credit card compromise in 3 years

Michaels-250

The largest craft supply store in North America, Michaels, has indicated it may be the latest retail company to have credit cards compromised in a large scale malware attack.

Leaks in logfiles, malware on Macs and Korean credit compromise - 60 Sec Security [VIDEO]

2014-01-25-mac-malware-250

Leaky logic leaves logins loose in logfiles; mendacious mails menace Macs with Mavericks malware, and criminal contractor compromises Korean credit company!

60 Sec Security - 25 Jan 2014...

Digitally signed data-stealing malware targets Mac users in "undelivered courier item" attack

forklift-250

Our colleagues at SophosLabs pointed us at a interesting item of malware the other day, namely a data-stealing Trojan aimed at Mac users.

Paul Ducklin looks at how the attack unfolds...

Target admits "there was malware on our point-of-sale registers"

target-ryg-250

The Target data breach story has turned into a bit of a bus: it's big, has lots of momentum, and three just came along at once.

First: 40M payment card details stolen. Second: 70M names, addresses and the like stolen. Third: looks like there was a specialised botnet involved.

Sophos Techknow - Understanding Botnets [PODCAST]

techknow-logo-170-of-250-at-0250x0250

Botnets, short for "robot networks", are more than just malware: they're the money making machinery of modern cybercriminals.

Paul Ducklin and James Wyke help you to understand the What, How and Why of this troublesome topic...

Malware suspected in Japanese nuclear plant control room - but don't panic

Malware suspected in Japanese nuclear plant control room - but don't be too worried

The control centre of a nuclear power plant really doesn't sound like the sort of place you'd want to see a malware infection, but don't fret - this was no Stuxnet.

"Smarter, shadier, stealthier" - Security Threat Report 2014 helps you understand the enemy

str2014-250

Our latest Security Threat Report is out!

It's a free download (no registration required), and we think you're going to love it, because it paints a fascinating picture of the evolving threat from cybercrime...