How NBC's Russian Hack Actually Happened, According to the Security Expert Who Set It Up

A couple days ago, NBC News ran a report pegged to the Sochi Olympics about Russian hacking. In it, correspondent Richard Engel uses a “brand new” smartphone to test out the Russian internet while hanging out in a Moscow cafe. “Almost immediately,” he says in the segment, “we were hacked.” Naturally, as the security consultant NBC hired for the segment explained today, it’s not true. The consultant, Kyle Wilhoit, a senior threat researcher at Trend Micro, set the record straight today in a blog post on the Trend Micro site and an accompanying white paper....

February 10, 2014 · 4 min · 852 words

The FBI is willing to pay top dollar to download some malware

The Federal Bureau of Investigation is willing to pay top dollar for the malicious, infectious software the rest of us pay to keep out of our computers, according to the Federal Business Opportunities website. A Monday price quote request by the Investigative Analysis Unit of the agency’s Operational Technology Division is asking computer security developers and retailers to help the agency build a library of malware for an undisclosed reason, letting the companies name their price....

February 7, 2014 · 2 min · 253 words

Firefox 22 enables WebRTC, makes social APIs easier to manage

BetaNews: Mozilla has released Firefox 22.0 FINAL for Windows, Mac and Linux. The update includes some platform-specific improvements — Firefox following display scaling options in Windows, and providing download progress indicators in its dock application icon in OS X — plus a number of other tweaks and improvements. Other new features include the ability for users to now manage their social API plug-ins via the Add-ons menu (select Services in the left-hand menu to do so), while users can now adjust the playback rate of HTML5 audio and video files (right-click the playback screen and choose Play Speed to do so)....

June 26, 2013 · 2 min · 285 words

WordPress hardened with XSS, DoS and SSRF fixes

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers “strongly encourage” all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, the new release also includes some proactive changes intended to harden the platform against attacks....

June 25, 2013 · 1 min · 195 words

Google cuts grace period for vendors of vulnerable software

Google is shortening the amount of time it gives to makers of vulnerable software and web services if there is imminent danger. The Google security team say that if they encounter a zero-day issue that is already being actively used for cyber attacks, it will grant the affected manufacturer just seven days grace to fix the vulnerabilities or publish an advisory with mitigation strategies for users. After seven days, Google wants to publish details of the vulnerability in such a way that users of the vulnerable software can protect themselves from attacks....

May 31, 2013 · 2 min · 252 words

Iranian Hackers targeting US oil, gas, and electric companies

The Hacker News reported: For all the talk about China and the Syrian Electronic Army, it seems there’s another threat to U.S. cyber interests i.e. Iran. Series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies tracked back to Iran. Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware have been found in the power grid that could be used to deliver malicious software to damage plants....

May 26, 2013 · 2 min · 336 words

Name.com domain registrar hacked

US domain registrar and web hosting service Name.com has fallen victim to a hacker attack. In a recent email, the company informed its customers of an incident that potentially enabled unknown attackers to gain access to “email addresses, encrypted passwords and encrypted credit card details”. The registrar says that the private crypto keys that are required to decrypt the stolen credit card details are stored on a separate system that wasn’t compromised....

May 13, 2013 · 1 min · 171 words

Ubuntu 13.04 Raring Ringtail is out, What's new?

Canonical has released Ubuntu 13.04 Raring Ringtail, most likely the last release of Ubuntu that will primarily cater for laptop and desktop users. For Ubuntu 13.04, Canonical focused on tightening up the core of the OS and polishing the Unity interface in preparation for Ubuntu’s smartphone and tablet debut, which is slated to occur in October with the release of version 13.10. There’s also the usual slew of package updates, a new Linux kernel, and a couple of new features, too....

April 25, 2013 · 3 min · 565 words

Symantec vs AV-Comparatives, Which one do you trust?

Cross-posted from PCMag SecurityWatch: Last week independent antivirus lab AV-Comparatives released the results of an on-demand antivirus detection test. The fact that Microsoft came in near the bottom wasn’t big news; the fact that Symantec scored even lower was surprising indeed. In a blog post released today, Symantec decried the entire practice of performing on-demand malware scanning tests, calling it “misleading.” In the early years of antivirus testing, every test was an on-demand scanning test....

April 25, 2013 · 5 min · 1044 words

Boston Marathon Bombing Links May Hide Java-Based Exploits

PCMag: My social media accounts and email inbox are full of links to stories about the horrific incident in Boston earlier this week. I am reading about the victims, the bystanders and first responders that rushed to help, and looking for updates on the investigation. It turns out I should be careful about what links I click on, as cyber-criminals have already started exploiting the tragedy for their own nefarious purposes, security experts told SecurityWatch....

April 17, 2013 · 3 min · 629 words