malware

While cyberattacks and hacking seem to be constantly making headlines these days, identity fraud is also on the rise.

A new report by Javelin Strategy and Research shows that identity fraud has increased for the last three years in a row -- affecting more than 5 percent of U.S. adults. In 2012, 12.6 million people were identity victims.

According to Javelin, identity fraud is up 4.9 percent from 2011 and 4.35 percent from 2010. The firm said that scammers are increasingly gaining access to people's personal information and accounts through data breaches and malware attacks.… Read more

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.

Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.

Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, … Read more

A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information.

The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server.

The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of … Read more

Kaspersky labs and Alienvault have released a new analysis that outlines recent increases in targeted attacks against Uyghur groups in China, where an apparent ongoing politically motivated effort is using old vulnerabilities in Microsoft Word to infect their systems with malware.

The effort is using unpatched versions of Microsoft Word 2004 and 2008 for OS X, where maliciously crafted documents can exploit an old and patched vulnerability to execute code and install backdoor software without the user's consent. The malware in this case installs a common remote-access shell called "TinySHell" that in itself is not intended as … Read more

Microsoft is deploying a larger bunch of bug fixes this month than usual.

Next week's Patch Tuesday will address 57 different security vulnerabilities through 12 separate updates.

The bugs stretch across a range of programs, including Windows, Internet Explorer, Windows Server, Microsoft Exchange, and Microsoft's .Net Framework.

Five of the 12 patches are rated critical, so they're designed to patch holes that could allow someone to execute malicious code on an unprotected PC. Two of the critical patches are aimed at all versions of Internet Explorer from 6 through 10. That means all current versions of Windows … Read more

BlackBerry is counting on Trend Micro to help ensure the security of its third-party apps.

Like other app store owners, BlackBerry already scans apps for malware to protect BlackBerry World customers. But the company will add Trend Micro's Mobile Application Reputation Service to take that protection a few steps further.

Both current and new apps submitted to BlackBerry World will be scanned by Trend Micro's cloud-based service to hunt for malware.

"BlackBerry is working with Trend Micro to implement a more robust approach for addressing privacy and security concerns related to third-party applications," Adrian Stone, director … Read more

A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.

Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.

The programs worked by downloading files that automatically execute after plugging an Android device into a Windows PC, according to Kaspersky's blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and … Read more

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more