Don't-Miss Stories

Phishing increase builds on hijacked brand names, study reports

The number of brands used in spoofed emails that trick people into visiting malicious Web sites or clicking on malware attachments rose in the second quarter.

Malware virus

FBI posts $50,000 reward for 'Lover Spy' malware writer

The FBI has offered large rewards for information that could help catch accused cybercriminals who have been wanted for years.

malware

Spike in traffic with TCP source port zero has some researchers worried

A significant increase this weekend in TCP traffic with source port zero detected could be part of reconnaissance efforts in preparation for more serious attacks, according to security researchers from Cisco Systems.

hackers

CryptoLocker creators try to extort even more money from victims with new service

Users who removed the original malware infection, intentionally or not, are asked to pay five times more to recover their files.

Google's Chrome will automatically block malware

A version of Chrome designed for early testing by developers will display a small warning note letting users know when it prevents malware from being downloaded.

malware

Security researcher says new malware can affect your BIOS; communicate over the air

If it exists, badBIOS infects your machine's BIOS -- the small bit of firmware that prepares your machine before booting the operating system.

Microsoft, Symantec battle fake credentials in malware

An alarming growth in malware signed with fraudulently obtained keys and code-signing certificates in order to trick users to download harmful code is prompting Microsoft and Symantec to push for tighter controls in the way the world's certificate authorities issue these keys used in code-signing.

Security firm warns of pervasive Mevade botnet

Hundreds of global organizations have been infected by a Russian botnet as part of a cybercrime campaign that could be connected to the mysterious traffic spike that hit the Tor anonymity system in August, security firm Websense says.

PHP.net maintainers to reset user passwords, change SSL certificate

Attackers compromised two php.net servers, injecting malicious code into the website, so The PHP Group is resetting passwords for the official website of the PHP programming language. It's also changing php.net's SSL certificate.

PHP.net compromised and used to attack visitors

Attackers injected malicious JavaScript code into the official website for the PHP programming language, redirecting some visitors' browsers to Flash exploits.