May 15, 2012 - Back in 2008, EICAR rejected a paper proposed by Andrew Lee and myself discussing the state of anti-malware testing and how it might be improved, on the grounds that it was “advertising” the fledgling AMTSO (Anti-Malware Testing Standards Organization) initiative. (continue reading...) Read more
May 15, 2012 - Here are two staggering Facebook privacy statistics: Nearly 13 million US Facebook users have never set, or don’t know about, Facebook’s privacy tools, and only 37 percent have used Facebook's privacy tools to customize how much information is shared with (continue reading...) Read more
May 11, 2012 - When we relayed the FBI/IC3 warning to travelers about a threat involving hotel Internet service overseas last week it produced a lot of requests for advice on how to respond to the threat. So a few of us researchers (continue reading...) Read more
May 10, 2012 - We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as (continue reading...) Read more
May 8, 2012 - We received a worrying notice today from the Internet Crime Complaint Center (IC3) which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), The headline reads: "Malware Installed on Travelers' (continue reading...) Read more
May 1, 2012 - A few months ago I wrote a fairly short comment piece for Virus Bulletin on how some popular posts to Facebook that invite you to make use of your personal data might be useful to scammers and others as (continue reading...) Read more
May 1, 2012 - Apologies if you're bored with my banging on about PC support scams, but it seems that there are plenty of people who aren't. At any rate, some of my previous blogs on the subject have attracted more comments than (continue reading...) Read more
April 30, 2012 - The wave of new data technology making its way into the next generation of cars – ranging from vehicles which semi-autonomously drive themselves, to realtime data streaming onto head's up displays – begs the question: will they be safe from (continue reading...) Read more
April 28, 2012 - The consumer cloud expanded again this week with the addition of Google Drive to more familiar brands like Dropbox, Microsoft SkyDrive, Apple iCloud, and Amazon Cloud Drive. Unfortunately, most of these cloud-based file storage services come with privacy and security (continue reading...) Read more
April 25, 2012 - The Flashback trojan has been all over the news lately, but it is not the only Mac malware threat out there at the moment. A few weeks ago, we published a technical analysis of OSX/Lamadai.A, the Mac OS X (continue reading...) Read more
April 23, 2012 - What do printed QR codes and NFC (Near Field Communication) chips have in common, besides storing instructions that computers can read? They are both hackable and their ability to store and communicate computer instructions is bound to be abused, if (continue reading...) Read more
April 21, 2012 - As written in our “Password management for non-obvious accounts” blog post on February 22, the FBI confiscated the DNS Servers used by the DNS Changer malware and replaced them with different servers so that infected users would not (continue reading...) Read more
April 18, 2012 - A while ago, I responded to a blog comment promising some thoughts on how to recognize a cold-calling PC support scam. Unfortunately, I wasn't able to do that immediately, and then I was on vacation with no Internet connectivity (continue reading...) Read more
April 16, 2012 - Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that (continue reading...) Read more
April 16, 2012 - I’ve had a long if intermittent association with the Anti-Phishing Working Group, going back to the early noughties when I represented the UK’s National Health Service there (continue reading...) Read more
April 13, 2012 - The biggest Mac botnet ever encountered, the OSX/Flashback botnet, is being hit hard. On April 12th, Apple released a third Java update since the Flashback malicious code outbreak. This update includes a new tool called MRT (Malware Removal (continue reading...) Read more
April 12, 2012 - We recently highlighted a security walkthrough on Pinterest.com, the pinboard style sharing website that’s taking the social media by storm. Since then, they’ve continued to grow, and continued to have accompanying growing pains common in organizations with rapid growth. (continue reading...) Read more
April 11, 2012 - Does your company have a written information security program? If not, you could be an easy target for cybercriminals AND end up on the wrong side of the law, regardless of where your company is located or what size it (continue reading...) Read more
April 5, 2012 - If you are a Mac user and you have Java installed on your Mac, then right now would be a good time to run Software Update… from the Apple menu to make sure you have installed the latest Java for (continue reading...) Read more
April 5, 2012 - This week we have detected another interesting attack vector. This time cybercriminals are using an interesting technique for hiding malicious Javascripts and employ implicit iFrame injection. At this moment we are tracking hundreds of infected legitimate web sites in the (continue reading...) Read more