Security & Privacy

Malware getting smarter, says McAfee

Malware continues to grow, not just in volume but in sophistication, according to a new report from McAfee.

Released today, the security vendor's fourth-quarter 2012 Threats Report found that more organizations are being targeted by more clever cyberattacks.

The number of trojans designed to steal passwords rose 72 percent last quarter. Some of these trojans are part of "customized" threats, while others are packaged with more "off-the-shelf" forms of malware. As one example, the Citadel trojan was specifically designed to hit financial services companies.

Operation High Roller and Project Bliztkrieg were also cited by McAfee … Read more

Adobe patches critical security flaws in Reader, Acrobat

Adobe has issued a patch to plug up critical security holes in its Reader and Acrobat software.

Released yesterday, the security updates address flaws that could cause the applications to crash and potentially let an attacker gain control of an infected computer. Adobe confirmed last week that the exploits have already led to some targeted attacks against vulnerable systems.

The patches are directed toward the following products and versions:

Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh Adobe Reader 9.5.3 and earlier … Read more

Identity fraud in U.S. is on the rise, report

While cyberattacks and hacking seem to be constantly making headlines these days, identity fraud is also on the rise.

A new report by Javelin Strategy and Research shows that identity fraud has increased for the last three years in a row -- affecting more than 5 percent of U.S. adults. In 2012, 12.6 million people were identity victims.

According to Javelin, identity fraud is up 4.9 percent from 2011 and 4.35 percent from 2010. The firm said that scammers are increasingly gaining access to people's personal information and accounts through data breaches and malware attacks.… Read more

Forum site gives more details on Apple and Facebook hacks

The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.

The site's owner Ian Sefferman confirmed previous reports that hackers injected JavaScript into his site, iPhonedevsdk, and were then able to use a previously unknown exploit to access certain user's computers. He also said that the cyberattack most likely ended on January 30, 2013.

Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said … Read more

Biometric USB password key worthy of 'Mission: Impossible'

I hate to use the term "sexy" to describe a gadget, but if the myIDkey isn't "sexy," at least it's "damn fine." It takes the concept of a USB drive that protects all your passwords and does it up right with voice-activated search, biometric fingerprint identification, and Bluetooth.

Making a USB password protection device sound exciting? That's pretty hot.

I'm not the only person who thinks myIDkey is worth a look. It just launched its Kickstarter project and already has pulled in more than $87,000 (and rising fast) toward its $150,000 goal. A $99 pledge gets you a myIDkey with two different protective sleeves.… Read more

China slams cyberattack accusations over lack of proof

China is refuting a report that names its military as the source of recent cyberattacks against the U.S.

A report released this week by U.S. security firm Mandiant linked the People's Liberation Army to a large number of cyberattacks against U.S. corporations, government agencies, and other organizations. The report specifically pointed the finger at Chinese military Unit 61398, noting that digital forensic evidence led investigators to the building housing that unit.

China's response?

As expected, the government has criticized the report, citing a lack of hard evidence. In a press conference held by China's … Read more

Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.

Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.

Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, … Read more

New Mac malware opens secure reverse shell

A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information.

The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server.

The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of … Read more

Apple: Employee computers were targeted in hack attack

Apple today said it too was targeted as part of the string of hacking efforts on companies and news agencies.

The iPhone and Mac maker told Reuters that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple."

In a statement, Apple said it discovered malware that made use of a vulnerability in the Java plug-in, and that it was sourced from a site for software developers:

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware … Read more