Smashing Security #036: Flash? Clunk flush… and hacking security researchers

A security threat researcher is badly hacked in a revenge attack. Some people want to save Adobe Flash, but is that wise? And a poorly-secured electronic billboard starts displaying offensive images…

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

52 sec read

Ex-FireEye intern escapes prison sentence after creating and selling Dendroid malware

Morgan Culbertson, the ex-FireEye intern who created and sold Android spyware, says he’s very sorry.

51 sec read

LatentBot malware opens a backdoor on the finance industry

Security researchers have uncovered the LatentBot malware, a sophisticated and unusual attack that is using multiple levels of obfuscation to target companies in the financial and insurance industries around the world.

David Bisson reports.

2 min read

Researcher demands FireEye pay up for zero-day vulnerabilities or suffer his ‘cold silence’

A security researcher has demanded that FireEye pay him for several zero-day vulnerabilities he found in the firm’s security products, and he has threatened that he will otherwise remain silent about the bugs’ details.

David Bisson reports.

1 min read

Zero-day vulnerabilities reportedly found in Kaspersky and FireEye security products

This weekend, vulnerability researchers have separately disclosed flaws in products from Kaspersky and FireEye that could be exploited by malicious hackers.

3 min read

FireEye intern created and sold Dendroid malware

Everyone loves a good conspiracy theory.

But people in the anti-virus industry don’t write and sell malware. At least, not usually.

1 min read

New ways to attack iPhones exposed – make sure you update to iOS 8.4

This week Apple has released the latest version of iOS for iPhone and iPad users – iOS 8.4 – introducing Apple Music.

But there are serious security reasons why you should update your iDevices too.

1 min read

Thousands of popular iOS and Android apps hit by FREAK flaw

Some of the most popular Android and iOS apps remain impacted by the FREAK flaw, and could open the door for hackers to steal passwords and personal information.

1 min read

How to recover files from a CryptoLocker attack – for free!

Boffins have created a free service to help anyone has fallen foul of the notorious CryptoLocker ransomware that encrypts computer files and demands a ransom be paid for the decryption key.

1 min read

New zero-day exploit attack sees Internet Explorer in the line of fire. No fix from Microsoft yet

A new zero-day vulnerability has been found in all versions of Internet Explorer, and it is being actively exploited in targeted attacks according to security firm FireEye.

2 min read

Adobe Flash zero day exploit patched, after foreign policy websites compromised

Adobe Flash users are once again being told they need to update their software, after a new zero-day exploit was discovered.

The critical security flaw in in Adobe Flash Player was uncovered after hackers targeted visitors to a number of different foreign and economic policy websites dealing with matters of national security.

1 min read

Windows XP users warned of new, in-the-wild, zero-day attack

If you’re one of the many people still running Windows XP on your computer, be on your guard.

55 sec read

Microsoft to patch actively-exploited zero-day flaw on Tuesday

Microsoft has a fix already prepped, for an attack that has seen malware load directly into computers’ memory, bypassing the hard drive.

1 min read

“Diskless” Internet Explorer zero-day attack discovered in the wild

Researchers have warned of new zero-day vulnerabilities in versions of Internet Explorer that are being actively exploited to infect computers in drive-by attacks.

1 min read

Microsoft zero-day was used in Citadel Trojan campaign, as well as targeted attacks

FireEye says it has uncovered evidence that the recently-announced Microsoft zero-day vulnerability is not just being used in targeted attacks, but also has been used in wider finanically-motivated malware campaigns.

51 sec read

Adobe investigates PDF Reader zero-day vulnerability reports

Adobe’s security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.

Always be wary of opening unsolicited PDF files!

8 sec read