malware

Apple, Facebook hackers hit car and candy companies too

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect … Read more

Microsoft to patch critical holes in IE, Office, Silverlight

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

Apple marketing chief jabs Android security on Twitter

Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though mostly tweets about things like music, movies and sports.

But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there."

The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS.

"Android malware has been strengthening its position in the mobile threat scene,&… Read more

Avast Free Antivirus 8.0.1483.72

Looking to compete with both paid and free security suites, Avast wants to create a unified approach to your computer security. Long gone are the days of the quirky interface. Avast is accessible and robust, with an impressive list of free features and strong, though hardly stellar, performance benchmarks.

Installation Avast has improved its installation process so it's faster than before. It's not the fastest on the market, not by a long shot, but a standard installation took us about three minutes -- around the same as last year.

Some items of note during the installation that will … Read more

Avast Pro Antivirus 8.0.1483.72

Looking to compete with both paid and free security suites, Avast wants to create a unified approach to your computer security. Long gone are the days of the quirky interface. Avast is accessible and robust, with an impressive list of free features and strong, though hardly stellar, performance benchmarks.

Installation Avast has improved its installation process so it's faster than before. It's not the fastest on the market, not by a long shot, but a standard installation took us about three minutes -- around the same as last year.

Some items of note during the installation that will … Read more

Oracle issues emergency Java update to patch vulnerabilities

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and … Read more

More Java-based malware plagues the cross-platform runtime

Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits are being found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime's attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run.

Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into dll files in Windows systems.

This malware is specifically Windows-based; however, a second one outlined by Intego, is a Minecraft password-stealing … Read more

New Avast features roll out to fan legions

The new version of the Avast security suite focuses on repairing the past mistakes of Windows. Debuting today exclusively with CNET's Download.com, Avast 8 addresses some of today's most pressing security concerns but leaves at least one other growing problem unresolved.

All told, Avast Free Antivirus 8 (download), Avast Pro Antivirus 8 (download), Avast Internet Security 8 (download) and the new top-tier suite, Avast Premier 8 (download) command upwards of 170 million active users, making Avast the most popular consumer security suite by a long shot.

Although the suite leaves privacy in the cold, the rest of … Read more

'MiniDuke' malware takes aim at Euro governments via Adobe

A new attack is targeting European governments through flaws exploited in Adobe's Reader software, according to security researchers.

Kaspersky Lab and CrySys Lab today detailed a new malicious program in the wild, called "MiniDuke," that has been attacking government entities and institutions across Europe. Government entities in the Ukraine, Portugal, Romania, and others have been targeted, according to the security researcher.

MiniDuke finds its way to infected computers through PDFs. The malicious hackers -- who Kaspersky believes might have been dormant for some time because of the technique's similarity to those from the late-1990s -- have … Read more

What is the Eicar testfile?

When Apple updates its XProtect anti-malware system in OS X with new definitions, it often means a new or updated threat has been found for OS X.

Earlier this morning, Apple issued an update to XProtect, which now includes a new definition for a malware package called "OSX.eicar.com.i," that comes from Eicar.com. This update suggests the new definitions are for a novel malware package, but this is not so with this latest update.

"Eicar" stands for the European Institute for Computer Antivirus Research, which is a group that investigates malware and security … Read more