Tag: software

Malware’s Future Looks A Lot Like Its Present

SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]

Continue Reading

Browser Security Still A Sore Spot For Companies (Podcast)

Clueless “end users” are a common straw man (or woman) in the security industry. They’re blamed for everything from data breaches to malware infections. Accepted wisdom is that companies “get it” when it comes to security – consumers (their employees) don’t. But what if it is the other way around? That’s one tantalizing bit of data you could take away from Qualys’s Browser Check service. The free online vulnerability scanning service has assessed millions of endpoints in its two years of existence. And, by and large, it has found that consumers – not corporate users – are following good security practice by migrating to more modern, and secure web browsers. In  our inaugural Security Ledger Podcast, we sat down with Wolfgang Kandek, the Chief Technology Officer at Qualys Inc. to find out. Qualys operates Browser Check (browsercheck.qualys.com), a free service that allows consumers to assess the security of their browser […]

Continue Reading

Are Mobile App Developers Prey In A Massive Watering Hole Attack?

Say you’re a “bad guy” and what you really want to do is compromise the systems of some high value targets – like software developers working a prominent, Silicon Valley firms like Facebook and Twitter.   Breaking through the front door isn’t easy – these companies mostly have the technology chops to protect their networks and employees. Phishing e-mails are also a tough sell: the developer community is heavy on Apple Mac systems and – besides – application developers might be harder to phish than your average Fortune 500 executive. A better approach might be to let your prey come to you – attacking them passively by gaining control of a trusted third party web site – a so-called “watering hole.” That’s a scenario that has played out in a number of recent, high profile attacks, such as the so-called “VoHo” attacks documented by Symantec and RSA. It may also be […]

Continue Reading

UPDATE: Vulnerability In EAS To Blame For Fake Zombie Apocalypse Warning?

Editor’s Note: Updated to include information on the brand of EAS device that was compromised. – PFR 2/14/2013 OK – the good news is that the dead aren’t rising from their graves and the Zombie Apocalypse hasn’t begun (yet…). The bad news: a phony EAS (Emergency Alerting System) warning about just such a cataclysm earlier this week may have been the result of a hack of what one security researcher says are known vulnerabilities in the hardware and software that is used to distribute emergency broadcasts to the public in the U.S. The warning from Mike Davis, a Principal Research Scientist at the firm IOActive, comes just days after unknown hackers compromised EAS systems at television stations in the U.S. and broadcast a bogus emergency alert claiming that the “dead were rising from their graves” and attacking people. Published reports say that at least four television stations were the victims […]

Continue Reading

Whitelist Goes Black: Security Firm Bit9 Hacked

Application “whitelisting” offers an alternative to signature based malware protection. Rather than trying to spot the bad guys, the thinking goes, just identify a list of approved (whitelisted) applications, then block everything else. But what happens when the whitelist, itself, becomes compromised? That’s the scenario that’s playing out with customers of whitelisting firm Bit9, which acknowledged a breach of its corporate network that allowed unknown assailants to gain control of an application code signing server. The acknowledgement came after Bit9 was contacted regarding the breach by Brian Krebs of Krebsonsecurity.com, which broke the news Friday. Little is known about the incident. In a blog post, Bit9’s CEO, Patrick Morley, said that only three of the company’ s customers were affected. Those customers identified malware on their networks that had been signed by one of Bit9’s code signing servers. The lapse was the result of a breach on Bit9’s own network. […]

Continue Reading
1 112 113 114 115 116 117