Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.
A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.
A hacker released what he claims is a zero-day exploit for older versions of the Parallels Plesk Panel, a popular web-hosting administration software package, that could allow attackers to inject arbitrary PHP code and execute rogue commands on Web servers.
The Internet Systems Consortium (ISC), the organization that develops and maintains the widely used BIND DNS (Domain Name System) software, has patched a publicly disclosed vulnerability that can be used to remotely crash DNS servers running recent releases of BIND 9.
The number of malware samples that use P-to-P (peer-to-peer) communications has increased fivefold during the past 12 months, according to researchers from security firm Damballa.
An ongoing cyberespionage campaign compromised over 350 high-profile victims from more than 40 countries over the past eight years, including political activists, research centers, governmental institutions, embassies, military contractors and private companies from various industries.
Distributed denial-of-service (DDoS) attacks that could be related have, in the past few days, slammed the DNS servers of at least three providers of domain name management and DNS hosting services.
The first three months of 2013 have seen a surge in spam volume, as well as large numbers of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
Oracle plans to make changes to strengthen the security of Java, including fixing its certificate revocation checking feature, preventing unsigned applets from being executed by default and adding centralized management options with whitelisting capabilities for enterprise environments.
Aiming to better address the security needs of businesses of all sizes that are facing increasingly complex attacks, McAfee has added two endpoint security suites to its product lineup.
Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.
The designs for over two dozen advanced U.S. weapon systems, including missile defenses, combat aircraft and ships, were reportedly accessed by Chinese hackers.
Twitter's SMS-based, two-factor authentication feature could be abused to lock users who don't have it enabled out of their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.
The amount of cybercriminal activity associated with the Zeus family of financial Trojan programs has increased during the past few months, according to security researchers from antivirus vendor Trend Micro.
Security researchers from antivirus vendor ESET discovered a piece of cyberespionage malware targeting Tibetan activists that uses unusual techniques to evade detection and achieve persistency on infected systems.