cybersecurity

Move over, Cameron Diaz, there's a new leader in the race to be the "world's most dangerous celebrity."

Former Victoria's Secret model and current host of "Project Runway," Heidi Klum is the Internet's "most dangerous celebrity," security firm McAfee announced today. According to McAfee, when people type Klum-related queries into a search engine, nearly 10 percent of the results are "malicious."

"Fans searching for 'Heidi Klum and downloads,' 'Heidi Klum and 'free' downloads,' 'Heidi Klum and screensavers,' 'Heidi Klum and hot pictures' and 'Heidi Klum and videos' … Read more

A new flavor of Android malware is disguising itself as a Google+ app in an attempt to capture instant messages, GPS, location, call logs, and other sensitive data.

Uncovered by the team at Trend Micro, the new malware known as ANDROIDOS_NICKISPY.C can also automatically answer and record phone calls. To capture data, the app loads at boot-up and runs certain services that can monitor messages, phone calls, and the user's location, thereby stealing e-mail and other content.

Detailing its findings in a blog Friday, Trend Micro said it discovered that the malicious app tries to trick people by installing itself under the name Google++.

But instead of providing access to Google's new social network, the app sends its stolen user data to a remote site where presumably cybercriminals can grab it. Unlike some malware in the past that masqueraded as legitimate apps through Google's Android Market, this particular one must be downloaded by an unsuspecting user from a malicious Web site and then manually installed.

And even if installed, the app can be uninstalled from an Android device by selecting Settings > Application > Manage applications, choosing Google++ and then clicking Uninstall, according to Trend Micro.

Trend Micro gives the app a low-risk rating, but it's still something that Android owners should be sure to avoid.

Android users concerned about security can learn how to better protect themselves through Trend Micro's online guide "5 Simple Steps to Secure Your Android-Based Smartphones."… Read more

The Pentagon today elaborated on its plans to defend privately-owned Internet servers owned by banks, transportation and utility companies, and other key firms from electronic attacks, a proposal that has raised privacy concerns in the past.

"Our assessment is that cyberattacks will be a significant component of any future conflict, whether it involves major nations, rogue states, or terrorist groups," William Lynn, the deputy secretary of defense, said during a speech at the National Defense University in Washington, D.C.

To illustrate the sophistication of such attacks, Lynn said a foreign government was behind a cyberattack in March … Read more

Software made by a Chinese company and used around the world by chemical, defense, and energy companies contains security holes that attackers could exploit to hack into critical systems.

In an advisory issued yesterday (PDF), the Department of Homeland Defense warned of two vulnerabilities in software made by Beijing-based Sunway ForceControl (Google Translate English version). The Chinese company makes SCADA (supervisory control and data acquisition) software, which is used in computer systems that control and monitor manufacturing plants and equipment used by different industries.

Discovered by security researcher Dillon Beresford of NSS Labs, the security holes could allow cybercriminals to … Read more

Google grabbed the news spotlight this week as it hosted its annual I/O developer conference in San Francisco, but nothing shone as bright as its Chrome browser and the Chrome-based laptop the company introduced.

The Chromebook, touted as an always-on and always-connected computing experience, will be offered by Samsung and Acer starting June 15. The Samsung Chromebook will go for $429 in the U.S. for the Wi-Fi only version and $499 for the 3G version. Acer's Wi-Fi only Chromebook will cost $349.

The devices will be sold in the U.S. by Amazon.com and Best Buy. … Read more

The White House today sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.

This proposal seems designed to prod the legislative branch to enact by the end of the year some variety of cybersecurity legislation, which has been stalled by concerns about privacy, Internet "kill switches," and overreaching regulation. One proposal from Sen. Jay Rockefeller (D-W.V.), for instance, would have explicitly given the government the power to "order the disconnection&… Read more

The Obama administration said today that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.

At an event hosted by the U.S. Chamber of Commerce in Washington, D.C., administration officials downplayed privacy and civil liberties concerns about their proposal, which they said would be led by the private sector and not be required for Americans who use the Internet.

There's "no reliable way to verify identity online" at the moment, Commerce Secretary Gary Locke said, citing the rising … Read more

SAN FRANCISCO-- A top Defense Department official said today that the U.S. military should "extend" a technological shield used to protect its own networks to important private sector computers as well, which could sweep in portions of the Internet and raise civil liberty concerns.

William Lynn, the deputy secretary of defense, proposed at the RSA Conference extending "the high level of protection afforded by active defenses to private networks that operate infrastructure" that's crucial to the military or the U.S. economy.

What Lynn refers to as "active defenses" were pioneered by … Read more

The Conficker worm may have been squashed, but this nasty piece of malware is still squirming around millions of computers around the world.

Those were the findings of the Conficker Working Group, a collection of antivirus vendors and several other parties that joined forces in 2009 and 2010 to try to stomp out the worm.

Releasing a "Lessons Learned" document (PDF) yesterday, the CWG claimed success in ultimately stopping Conficker from communicating with its creator, thus preventing it from updating into newer and more dangerous variants. The group seemed especially proud of the way the various organizations and … Read more