Virus News
Welcome to our RSS – Virus and Spyware Related News Feed section. This page might take some time loading up as it has to extract and load data from other sources.
Microsoft – Security at Home
PCAdvisor – Security News
Computerworld – Viruses News
Facebook malware scam takes hold - A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday. PHP 5.3.10 fixes critical remote code execution vulnerability - The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform. Google reveals Android malware 'Bouncer,' scans all apps - Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called the company to make. Symantec warns of Android Trojans that mutate with every download - Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection. Half of Fortune 500 firms infected with DNS Changer - Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the "DNS Changer" malware that redirects users to fake websites and puts organizations at risk of data theft, a security company said today. VeriSign admits multiple hacks in 2010, keeps details under wraps - VeriSign, the company responsible for guiding most of the world's Internet users to the correct websites and once the largest encryption certificate issuing authority, was successfully hacked several times in 2010. More Malware and Vulnerabilities News - View more Malware and Vulnerabilities news and analysis from Computerworld.com
Kaspersky – Virus News
Norton Security Articles
Critical vulnerabilities in Adobe Flash player - updates available - Several critical vulnerabilitiies have been identified in Adobe Flash player 11.0.1.152 and earlier versions.
Critical is Adobe's highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.
More information is available in Adobe's security bulletin 11-28, which also has links to update downloads.
Norman recommends that affected users update their Adobe Flash player as soon as possible.
One critical update for Microsoft systems in November 2011 - In its security bulletin summary for November 2011 Microsoft has published one update for critical, two updates for important, and one update for moderate vulnerabilities in its operating systems / applications.
Critical is Microsoft's highest vulnerability rating.
A summary describing briefly the vulnerabilities is available from Microsoft's Security Bulletin Summary for November 2011.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS11-083 - MS11-086.The critical update addresses the following issue:
- One privately reported vulnerability in TCP/IP.
As expected Microsoft did not include any update for the recently discovered zero-day vulnerability in TrueType Font Parsing, which is used by Duqu. An out-of-band update for this is likely. Until a security update is available, Microsoft has published a workaround in the form of a fixit solution.
Updates that fixes the vulnerabilities addressed in the November bulletins are available from Windows automatic update mechanism.
To manually check for updates Click the Start button, click All Programs and then click Windows Update.
Norman advices all affected users to download the relevant security updates as soon as possible, to be protected from potential exploits.An approach to an organization's risk factors (part 3) - Introduction
This is part three of our multi-part series "An approach to an organization's risk factors".
We strongly recommend that you read these articles sequentially, starting with part 1 here.
The first article discussed different procedures and systems that could be invoked in order to mitigate risk. The second article discussed Electronic factors as an area of risk. In this third and final part we will examine Human attack factors and Physical factors.
3. Human attack factors
By human attack…
Microsoft Security Bulletins advance notification An approach to an organization's risk factors (part 2) - Introduction
This is the second part of of our multi-part series "An approach to an organization's risk factors".
We strongly recommend that you read these articles sequentially, starting with part 1 here.
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
2. Electronic factors
By electronic factors, we will include all types of issues with the organization…
An approach to an organization's risk factors (part 1) - Introduction
Any organization is exposed to some kind of risks. How an organization deals with this fact, however differs widely.
The larger organizations are probably better equipped to allocate sufficient resources to implement the systems that are available in security standards. Smaller organizations may feel that these are not so well suited for their needs.
However, the organization may find it useful to perform a systematic analysis of its vulnerabilities, the probability for their exploitation,…
Denial of Service attacks against secure web sites - Introduction
Secure communication has been the target of several types of attack this year. In our security article in June, Secure tokens turn insecure, we wrote about the attack against RSA, an event that turned out to have serious consequences for several high-profile vendors of military systems. In September we wrote about breaches in the security authorization model in Secure browsing turns insecure (again). And earlier this month we wrote about BEAST (Browser Exploit Against SSL/TLS).
Yet another…
Two critical updates for Microsoft systems in October 2011 - In its security bulletin summary for October 2011 Microsoft has published two updates for critical and six updates for important vulnerabilities in its operating systems / applications.
Critical is Microsoft's highest vulnerability rating.
A summary describing briefly the vulnerabilities is available from Microsoft's Security Bulletin Summary for October 2011.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS11-075 - MS11-082.The critical…
Malicious images (codes) - Introduction
One popular way to trick users into infecting themselves is to use links in emails. However, the criminals are constantly looking at new ways to trick us. In this article, we shall examine a new one.
Background
In recent years, the most popular way to spread malicious software has been through web sites. Many different techniques are used, and several of our previous articles have discussed these. Among the more common types are
- the real link in an email is a different than the…
Microsoft Security Bulletins advance notification
Trend Micro malware Blog
Malware Uses Sendspace to Store Stolen Documents - We’ve recently encountered malware that grabs MS Word and Excel files from users’ infected systems and then uploads them to the file hosting site sendspace.com. Sendspace is a file hosting website that offers file hosting to enable users to “send, receive, track and share your big files.” Sendspace was recently used for dropping stolen data [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Malware Uses Sendspace to Store Stolen DocumentsBKDR_POISON: More Challenges Ahead - Last year, the security industry was plagued by a series of APT reports, which included the “Nitro Attack”. The backdoor used here is known as PoisonIvy or BKDR_POISON. Its builder is available online. Security vendors have then taken measures to counter this threat to help customers battle against similar infections in the future. However, a [...] Post from: TrendLabs | Malware Blog - by Trend Micro
BKDR_POISON: More Challenges AheadMobile Threat Landscape: A Decade Later - We already knew that more and more people are becoming tablet and smartphone owners, but two new surveys that were released just this week reinforced that. A Google/Ipsos poll found that smartphone use was growing in all 5 surveyed countries. In the US, smartphone ownership rose from 31% to 38% of the population by September/October [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Mobile Threat Landscape: A Decade LaterSearch Monetization As a New Threat to the Mobile Platform - Last week we came across a report about a Plankton variant embedded in various apps emerging in the Android Market. One of the samples we inspected is a puzzle game called Sexy Ladies-2.apk, which is detected as ANDROIDOS_PLANKTON.P along with many other apps related to it. Other external reports tell of the millions of app downloads [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Search Monetization As a New Threat to the Mobile PlatformFacebook Valentine’s Theme Leads to Malware - It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion. The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile. [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Facebook Valentine’s Theme Leads to MalwareTop APT Research of 2011 (That You Probably Haven’t Heard About) - Throughout 2011, I am sure that you have heard of the compromise of RSA, in which the stolen data regarding RSA’s Secure ID appears to have been used in subsequent attacks and that there were many more victims other than RSA. You’ve probably also heard of ShadyRAT, which demonstrated the longevity of command and control infrastructure as [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Top APT Research of 2011 (That You Probably Haven’t Heard About)Malware Leveraging MIDI Remote Code Execution Vulnerability Found - Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004) The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code. In [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Malware Leveraging MIDI Remote Code Execution Vulnerability FoundHow Private Is My Online Information? - At a time when the web is flooded with user information and entire platforms are built and run on sharing just about every piece of information about oneself, you have to wonder, “Are we really living in the post-privacy era?” For 2012, we believe that the new social networking generation will redefine privacy. Our concept [...] Post from: TrendLabs | Malware Blog - by Trend Micro
How Private Is My Online Information?Towards A More Secure Industrial Control Systems Security Posture - ICS (Industrial Control Systems) Networks have been really big news lately, due to a spate of vulnerabilities, high-publicized breaches, and various other security concerns. ICS Networks are defined as networks or collections of networks that consist of elements that control and provide telemetry data on electromechanical components. Such components include valves, regulators, switches, and other [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Towards A More Secure Industrial Control Systems Security PostureTax Season Opens, Tax Spam Follows - The IRS officially kicked off the beginning of tax season in the US, and just right in time for it are the cybercriminals who are already taking advantage and using tax-related messages as a social engineering lure. We’ve recently spotted samples of spammed messages posing as a notice from Fidelity Investments, a well-known American financial [...] Post from: TrendLabs | Malware Blog - by Trend Micro
Tax Season Opens, Tax Spam Follows
Washington Post Security Fix
Nevada caucuses: What to watch for - We are now just a few hours away from getting the first results in the 2012 Nevada caucuses.
So besides listening to The Fix’s Nevada playlist, what else can you do to get ready for the big night?
Read full article >>
Obama, Romney face Nevada challenges - LAS VEGAS — After high-octane campaigns in the first four states with primaries and caucuses this year, the Republican contest this week in Nevada has been a snoozer. That’s not likely to be the case come November.
Read full article >>
Florida to blame for nasty GOP race, some RNC members say - It wasn’t supposed to be this way.
The Republican race this year wasn’t supposed to start until February, so voters didn’t have to be troubled with politics when they were still concentrating on mistletoe.
Read full article >>
Many House GOP freshmen still undecided about a presidential nominee - A year after storming the Capitol in the vanguard of the tea party revolution, the House Republican freshman class has fallen largely silent on the most pressing issue facing their party at the moment: Who should be the GOP presidential nominee?
Read full article >>
If U.S. economy strengthens, Mitt Romney’s pitch could be undercut - SPARKS, Nev. — With Friday’s jobs report punctuating the nation’s steadily improving conditions, Mitt Romney and his advisers are confronting an unexpected economic turnaround that threatens to undercut the central rationale for his candidacy.
Read full article >>
Defiant Gingrich campaigns in Nevada against long odds - LAS VEGAS — Stoney’s Rockin’ Country dance hall is a place that celebrates defiance of long odds: Every night, inebriated non-cowboys climb up on a mechanical bull under the mistaken impression that they can hang on. On Thursday nights, they do it in bikinis.
Read full article >>
Gifts and pocket fillers on the campaign trail - LAS VEGAS — A pair of hand-knit slippers, adorned with a Mormon symbol. Rosary beads. A tiny stack of yard signs. An autographed Ron Paul placard.
Nevada had its strange moment in the political spotlight this week, as stage-managed campaigns roared through with rallies and TV ads. This was faux intimacy, done in a city where faux is a fact of life: The casinos are named after Paris and New York, and the dust-dry streets around them are named, aspirationally, for trees and oceans.
Read full article >>
Gingrich suggests Romney ‘clearly against the American ideal’ - Newt Gingrich goes on the attack, Romney was once a Democrat, Santorum didn’t qualify for the ballot in Indiana and Florida Democrats seem ready to go to court.
Make sure to sign up to get “Afternoon Fix” in your e-mail inbox every day by 5 (ish) p.m!
Read full article >>
Nevada caucus: The Fix prediction contest! - Do you want an offiical Fix t-shirt? Of course you do! And it’s easy.
All you have to do is guess the finish order and vote share of all four GOP presidential candidates in Nevada’s Saturday caucuses. (Okay, maybe not that easy. Those shirts are highly coveted; we can’t just give them away.)
Read full article >>
The best Nevada music: A Fix playlist - The Nevada caucuses are tomorrow, and that means we need music to listen to while we wait for the results.
Here’s how you can help. Tell us your favorite songs from or about the Silver State with the hashtag #fixplaylist, and we’ll add them to our primary day playlist. Deal?
Read full article >>
Nevada Republican caucuses: How to follow them - Nevada Republicans will caucus Saturday to determine who receives the state’s 28 delegates to the Republican National Convention.
Read full article >>
Nevada GOP partners with Google, Twitter to deliver election results - If you’re following the Nevada caucuses this evening, you may notice something different about the election results: They’ll be broadcast via Google and Twitter.
It’s the second time Republican Party officials have partnered with Google to release election results. In January, the Iowa GOP provided caucus results via Google, providing a faster alternative to the Associated Press, which most news organizations use to provide election data.
Read full article >>
The Donald Trump bump: It exists on @MentionMachine - Donald Trump endorsed Mitt Romney for the Republican presidential nomination on Thursday, a gesture that isn’t likely to have much of an effect on Romney’s support among GOP voters.
A Washington Post-Pew R esearch Center poll taken in January showed that only 13 percent of Republicans said they were more likely to support a candidate who won Trump’s endorsement.
Read full article >>
Komen no longer owns pink - It’s time to take back the pink. And pay more attention to the red.
It’s time to declare that the Susan G. Komen Foundation, which just ‘revised its revision of its funding policy,’or something like that, no longer owns that color. And neither, though I myself am a breast-cancer survivor, does the breast cancer cause.
Read full article >>
Obama ruling requires Catholic institutions to violate church teaching - President Obama quoted C.S. Lewis on Thursday morning, and normally that would have made my day. The president is good at talking about his Christian faith, as he did at a National Prayer Breakfast, and ought to do more of it if he wants to relieve Americans of some of their most basic misconceptions about him.
Read full article >>
