ExploitShield launched in September 2012 (covered previously by Seth Rosenblatt) with an ambitious goal: to close the yawning security gap for zero-day threats, those nasty exploits that arise upon first notice of a security vulnerability in a browser or other application before developers can fix the hole. Today, the ExploitShield technology gained a lot more visibility as it was acquired by security-software publisher Malwarebytes, whose Malwarebytes Anti-Malware software has been a Top 10 product on Download.com for many years.
Yahoo's plan to recycle old user IDs has prompted some concern among security experts who fear hackers could take advantage. But Yahoo says their fears are unfounded.
Speaking to Reuters in an interview published on Thursday, Yahoo senior director for consumer platforms, Dylan Casey, said that he's "aware" of the concerns over identity theft, but his company has "gone through a bunch of different steps to mitigate that concern."
Yahoo announced last week that it's resetting all user IDs that have been inactive over the last 12 months starting in July. The company … Read more
In the past year, estranged antivirus kingpin John McAfee has been accused of being many things -- madman, drug addict, and murderer, just to name a few -- but as the video below proves, you certainly can't accuse him of taking himself too seriously.
In the very NSFW four-minute clip, McAfee slams the software he created (but has had not contact with for more than a decade, as he points out) for its tendency to update itself at the most inconvenient times and ultimately offers an, uh, unorthodox method for uninstalling it.… Read more
BlackBerry has issued a security advisory notice to those who have bought its flagship Z10 touchscreen smartphone -- the first BlackBerry 10 device to launch following the company's bid for revival, back in February.
The advisory, which was issued last week, notes a bug that relates to BlackBerry Protect, its security and backup utility, rather than the phone's operating system itself.
According to the advisory, an escalation of privilege vulnerability exists in the software of some Z10 phones that could allow a malicious app to "take advantage" of weak permissions in the in-built … Read more
The U.S. government had been hacking into computers in Hong Kong and China for years, says NSA whistleblower Edward Snowden.
The former CIA employee stirred up a hornet's nest recently when he leaked details about PRISM, a National Security Agency program that collects certain user information from Internet companies and phone service providers in an effort to track down terrorists.
In an interview with the South China Morning Post, Snowden said that PRISM actually extends to people and institutions in Hong Kong and mainland China. The NSA itself has been hacking into computers in Hong Kong and China … Read more
On the eve of President Barack Obama's high-level meeting with Chinese President Xi Jinping, U.S. intelligence officials have revealed that a slew of documents and e-mails were stolen during the 2008 presidential campaign from both the president and then GOP presidential candidate John McCain. Officials are accusing China's government for the hack.
According to NBC News, officials said that they first detected the major cyberattack in the summer of 2008 and were then able to trace the culprits back to China.
"Based on everything I know, this was a case of political cyberespionage by the Chinese … Read more
Noting the contribution made by those who try to hack its security, Google has once again increased the cash rewards it pays out for identifying vulnerabilities in its services.
The Internet giant, which began swapping security research for cash a couple of years ago, announced the higher payouts and new rules for the program Thursday on the company's Online Security Blog.
The bounty for cross-site scripting bugs on Google Accounts more than doubled from $3,133.70 to $7,500. The reward for reporting cross-site scripting bugs in other sensitive areas such as Gmail and Google Wallet more than … Read more
Security researchers have found a proof-of-concept attack that appears to be the first true viral malware approach for compromising OS X.
The malware is called "Clampzok.A" and is a cross-platform malware package that alters the binary files on an affected system so when executed, the binary will infect neighboring binary files.
The malware is written in assembly code, and was originally released in 2006 for Windows and Linux systems, but was recently updated to affect 32-bit Mach-O binary files in OS X machines.
Unlike Trojan horses, spyware, and adware that hide in one location on the system … Read more
Megaupload founder Kim Dotcom has won another one.
A New Zealand court on Friday ruled that the warrants used by law enforcement officials to raid Dotcom's home in 2012 were illegal. Therefore, the court said, police are required to provide copies of all relevant evidence in the prosecution of Dotcom for alleged piracy. Any material that is deemed by the court not to be relevant must be returned to Dotcom.
There is no question that regardless of the computing platform you use, malware happens. To help prevent these and other unwanted programs from running, Apple includes a data execution prevention routine called GateKeeper, which offers three layers of protection. The first allows everything to run, the second allows only applications signed with a valid Apple Developer ID to run, and the third allows only programs distributed through the Mac App Store to run.
Apple provides the Developer ID option with the assumption that most who use its Developer program create legitimate and trustworthy code, since their works will be easily … Read more