The threat of digital predation by a virus, or online scam seems so pervasive these days that you might have just accepted it as an inevitable part of life. When a computer virus ends up draining your bank account, however, this common scourge can hit too close to home. The good news is 97 percent of security breaches can be prevented, and if the worst happens, there are tools available to help you cut your losses and beat cyber-crooks at their own game. With the right software and a few simple techniques, digital fraud, identity theft, and sensitive data loss can be easy to thwart.
Over the past couple of years a new breed of malware has been making headlines. These new attacks are very complex, and seem to be directed at precision targets of national or military significance—suggesting that they’ve been developed by nation-states as cyber weapons. New information suggests that these threats may have been developed much earlier than previously thought, and that some of the malware attacks are still evolving and/or have not yet been discovered.
Stuxnet, Duqu, and Flame all seem to be highly sophisticated malware platforms. A coalition of security researchers has been diligently working to unravel Flame, figure out what makes it tick, and learn more about its origins and purpose. The results of the investigation are intriguing and seem to create as many questions as they answer.
According to the Flame investigation, the developers worked very hard to disguise Flame as a legitimate CMS (Content Management System) platform. The data captured by Flame is heavily encrypted on the server using strong public key cryptography to ensure that only the attackers can access it. Your average malware developers don’t generally go to such lengths to protect the stolen data—supporting the idea that Flame is not your average malware.
It is rare to find a new PC that doesn’t come with additional bells and whistles in addition to the operating system itself. The “bloatware” that PC vendors add on often includes useful tools like third-party security software. It seems, though, that some PCs also come with something more insidious—pre-installed malware.
Microsoft researchers investigating counterfeit software in China were stunned to find that brand new systems being booted for the first time ever were already compromised with botnet malware right out of the box. Microsoft has filed a computer fraud suit against a Web domain registered to a Chinese businessman.
The suit alleges that the Nitol malware on the new PCs points the compromised systems to 3322.org. Microsoft believes the site is a major hub of malware and malicious online activity. Microsoft claims that site in question hosts Nitol, as well as 500 other types of malware. A Washington Post report states that it’s the largest single repository of malicious software ever encountered by Microsoft.
Apple is hosting a major media event today to unveil the iPhone 5. In the days leading up to any iPhone announcement there's always a good deal of heated speculation regarding what features and capabilities the new smartphone will have.
Smartphones and tablets store gigabytes of data. They have banking apps, and apps that access credit card or investment accounts. They connect to email, and social networks. If a mobile device falls into the wrong hands, it's possible that sensitive information and data could be compromised. That's why your smartphones and tablets need to be locked down and protected.
One of the rumors floating around about the iPhone 5 is that it might come with fingerprint scanning technology. If it's true, it would be a game changer for smartphone security.
Thanks to the FBI, the United States government will soon have a nationwide system in place capable of monitoring and identifying “persons of interest” virtually anywhere. The Next Generation Identification (NGI) system is designed to aid the FBI in tracking down and capturing criminals.
Fingerprints have been the primary unique identifier for law enforcement agencies of all levels for a century. Even with billions of samples on record, no two fingerprints have ever been found to be alike.
Fingerprints are just one unique identifier, though, and much of the accumulated fingerprint data is not merged and easily accessible. NGI will include voice recognition, iris and retina scan data, facial recognition, DNA analysis, and more in an automated system designed to help law enforcement identify and capture suspects more efficiently and effectively.
Got Java? Even if you’ve applied the urgent out-of-band patch from Oracle, you may want to disable or uninstall Java itself. It turns out that the patch has its own flaws that make Java vulnerable to new attacks.
According to security experts, Oracle's Java patch resolves the multiple “zero-day” vulnerabilities currently being exploited by attacks in the wild. However, it also leaves open a vulnerability—which was discovered and reported to Oracle earlier this year—that could allow an attacker to bypass the Java sandbox protection and execute malicious code on the target system.
Oracle’s Java has become the new low-hanging fruit. Attackers used to target Adobe products as the weak link in the security chain, but Adobe has worked diligently to improve the security of its products, and—more importantly—the speed and predictability of its patches and updates. As a result, the focus has shifted to Oracle, and Oracle seems ill prepared to respond.
A new report summarizing the malware and cybersecurity trends for the second quarter of 2012 has been released. The report found the biggest spike in malware samples detected in four years, and illustrates the growing threat faced by mobile devices—particularly Android mobile devices.
There isn’t necessarily anything Earth-shattering in the quarterly report. The fact that it’s essentially more of the same, with slight variations on themes from previous quarterly reports, however, should be cause enough for concern. The bottom line message is that malicious attacks are a serious threat, and they’re not going away any time soon.