Microsoft said Thursday that it will issue an out-of-band security update on Monday to fix a critical, remotely-exploitable security hole present in all versions of Windows, which the software giant says is fueling an increasing number of online attacks. On… Read More »
Police in Slovenia have arrested a 23-year-old man in Maribor believed to be responsible for creating the Mariposa botnet, a collection of hacked PCs that spanned an estimated 12 million computers across the globe, according to reports. The Associated Press… Read More »
As a rule, I tend to avoid writing about reports and studies unless they offer truly valuable and actionable insights: Too often, reports have preconceived findings and that merely serve to increase hype and drum up business for the companies that commission them. But I always make an exception for the annual data breach report issued by the Verizon Business RISK team, which is so chock full of hype-slaying useful data and conclusions that it is often hard to know what not to write about from the report.
Recently I came into possession of a series of documents showing the financial books of an organization that orchestrates the distribution of rogue anti-virus attacks or “scareware,” programs that hijack victim PCs with misleading security alerts in an effort to frighten the user into purchasing worthless security software. I found many interesting details in this data cache, but one pattern in the data I think explains why scareware continues to be a major scourge: Relatively few people victimized by it dispute the transaction with their bank.
Virus writers and botmasters increasingly are turning to new subscription services that test when and whether malicious links have been flagged by Web reputation programs like Google Safe Browsing and McAfee SiteAdvisor.
Microsoft has released a stopgap fix to help Windows users protect themselves against threats that may try to target a newly discovered, critical security hole that is present in every supported version of Windows.
Adobe Systems Inc. said today the next release of its free PDF Reader application will include new “sandbox” technology aimed at blocking the exploitation of previously unidentified security holes in its software.
Thieves recently attached bank card skimmers to gas pumps at more than 30 service stations along several major highways in and around Denver, Colorado, the latest area to be hit by a scam that allows crooks to siphon credit and… Read More »
Researchers have discovered what appears to be a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.
USB-borne malware is extremely common, and most malware that piggybacks on USB and other removable drives traditionally has taken advantage of the Windows Autorun or Autoplay feature. But according to VirusBlokAda, this strain of malware leverages a vulnerability in the method Windows uses for handling shortcut files.
When cyber crooks stole nearly $35,000 this year from Brookeland Fresh Water Supply District in East Texas, the theft nearly drained the utility’s financial reserves. Fortunately for the 1,300 homes and businesses it serves, Brookeland had purchased cyber security insurance, and now appears on track to recoup all of the unrecovered funds in exchange for a mere $500 deductible.
As this attack and a related case study I wrote about last month shows, cyber theft insurance can be a reasonable and effective investment in an era when ultra-sophisticated cyber thieves increasingly are defeating the security that surrounds many commercial online banking accounts.