Avira researchers still don't know how the mixup happened, but their chief theory is that a whitehat hacker compromised some of the Dridex distribution channels and replaced the normal malicious executables with a digitally signed Avira installer. As a result, when targets opened attachments contained in spam e-mails sent by Dridex servers, the would-be marks were instead prompted to run a program designed to protect computers from the very likes of the Dridex threat.
A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.
Its new Dell Data Protection Endpoint Security Suite Enterprise includes post-boot BIOS verification which it's claimed will enable customers to ensure that their PCs remain free from malware during the initial startup process.
PayPal has stopped accepting payments for Canadian outfit UnoTelly—a provider of VPN and SmartDNS services—because these might be used to facilitate copyright infringement.
UnoTelly said in an update on its website that PayPal had "severed payment processing agreement unilaterally and without prior warning." It added: "Paypal indicated that UnoTelly is not allowed to provide services that enable open and unrestricted Internet access."
According to Kaspersky Lab, in 2015:
* the proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014;
* 79% of spam emails were no more than 2 KB in size;
* 15.2% of spam was sent from the US;
* 146,692,256 instances that triggered the ‘Antiphishing’ system were recorded;
* Russia suffered the highest number of phishing attacks, with 17.8% of the global total;
* Japan (21.68%) took the lead in the ranking of unique users attacked by phishers.
A security researcher has published details of a newly-discovered flaw that can allow an attacker to quickly bypass iPhone and iPad lock screens. Disclosed on Thursday, the "high"-rated vulnerability is said to affect iPhones 5 and 6, and iPad 2 tablets running iOS 8.2 and later. It's not clear if other devices are affected.
The "Installer" for the fake Flash update will install various scareware (I observed a couple of different varieties when re-running the installer), and it actually installs an up-to-date genuine version of Flash as well.
Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K., analyzed Motorola’s Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.
It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.
Europe's highest court is considering whether every hyperlink in a Web page should be checked for potentially linking to material that infringes copyright, before it can be used. Such a legal requirement would place an unreasonable burden on anyone who uses hyperlinks, thereby destroying the Web.