High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.

OpenSSL is the most widely used open-source cryptographic library, relied on by a significant portion of Internet services to cryptographically protect their sensitive Web

Android Banker Trojan preys on credit card information

An Android Trojan is spying on its victims and even tricking some into giving up their credit card information.

Most of today’s malware authors create malware for one of two reasons: either to make money or to steal valuable data. In this blog post, we will show how an Android Trojan relies on social engineering. Social engineering tactics are used to trick people into performing an action, like clicking on a link or downloading an application. The person being tricked thinks they are doing something innocent when they are really clicking on or downloading something malicious. This malware is associated with the banker family as it tries to steal users’ credit card information.

Once installed, the Banker Trojan puts an icon in the launcher. The app name shown with the icon can vary from sample to sample — some of the names we have seen were: AVITO-MMS, KupiVip and MMS Центр (MMS Center).

Hacker is Selling 272 Million Email Passwords for Just $1

A massive database of 272 million emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, is being offered for sale on the Dark Web for less than $1, according to media reports.

An anonymous Russian hacker, who goes by the moniker “the Collector,” was first spotted by cybersecurity firm Hold Security advertising 1.17 Billion user records for email accounts on a dark web

Cyber-criminals really “Like” Facebook


With 1,590 million active users per month, Facebook is the Social Network. In fact, they just posted their quarterly earnings and they are up 50%. Cyber-criminals are aware of their success.

These platforms are the ideal place to “phish” for information. 18% of companies infected by malware were infected through social networks. Attackers pose as members of a company’s customer service team in order to steal sensitive data from consumers.

The RSA organization recently released a study proving that cyber-crime on social networks is a “global epidemic”. The RSA organization was founded by the creators of the encryption algorithm that is used every time we carry out a banking operation online or digitally sign something.


These platforms are not only hot-spots for attacks but they have also become the perfect forum for scammers to communicate. According to the study, there are more than 500 online fraud related groups with more than 220,000 members. The majority of these groups are public and visible.

Uncovering Credit Card Data

Fraudsters share information like credit card numbers accompanied by personal information and authorization codes, cyber-crime tutorials and other malware tools.

Proving this, the investigation invites us to write our CVV or CVV2 numbers in the Facebook search bar (those verification numbers on the back of a credit card). The result will surely surprise you: it is easier to find data from a stolen credit card than find an old friend you are trying to reconnect with.


In total, the RSA detected some 15,000 compromised credit cards publicized on social networks during the six months that the study lasted. It also discovered that many of these criminal groups focus their attacks on shops, banks and consumer accounts in their own area.

In China and Russia, platforms QQ and VKontakte are preferred by the scammers, while in the rest of the countries, Facebook remains the favorite. Unfortunately for us, cyber-criminals really “Like” Facebook.

The post Cyber-criminals really “Like” Facebook appeared first on Panda Security Mediacenter.

What is ransomware?

Ransomware – it’s the online threat everyone’s talking about. Crypt0L0cker was one of the first on the scene in 2013, and since then the costs of attacks have continued to grow.

As an individual or business owner, you may be wondering just what ransomware is, what kind of risk it poses to you, and how attacks like these can occur.

Here’s the breakdown.

What is ransomware?

Ransomware is a type of malware with the ability to silently encrypt your files, before demanding payment for their return – often with a time limit.

And not only does ransomware target your most valuable files, like photos, documents and spreadsheets, it can also lock down system files to render your web browser, applications, and entire operating system unusable.

Our VirusLab has analyzed many variants of ransomware, including the well-known Crypt0L0cker, Locky, and TeslaCrypt.

But the threat isn’t limited to PCs. Both Android™ mobile devices and Macs can be infected as well.

How does ransomware get on my PC?

Most commonly, ransomware is spread via malicious email links and attachments – often concealed by changing the file extension and compressing the malicious code into a zip file. Opening the file infects your system.

Ransomware can also be bundled into other applications, such as games, video players, etc. So any application from an unknown or untrusted publisher is a potential risk upon installation.

Once on your system, ransomware works in the background, connecting to a remote server to encrypt single files, whole directories of files, or complete drives.

How do I know if my PC is infected?

You’ll see a message pop up demanding payment, which can range from a few hundred to tens of thousands of dollars. Payment must usually be made in some form of anonymous currency, like Bitcoin.

But even if you pay the ransom, there are no guarantees your files will be unlocked.

So naturally, this kind of malware has incredibly serious consequences, particularly for businesses holding sensitive customer information or internal data that’s not securely backed up.

Does AVG protect against ransomware?

It sure does. Both our PRO and FREE versions of PC antivirus provide protection against ransomware. This goes for AVG Business Editions, too.

Our protection is multi-layered. Not only do we check against known malware variants and behavioral patterns in our virus database, we also further test previously unseen files in a secure virtual environment before they are executed on your PC. This is done using artificial intelligence, sophisticated behavioral analysis and various other methods.

And we automatically update it all, so you stay protected.

CVE-2000-1254

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

CVE-2016-2106

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.