Smashing Security podcast #036: Flash? Clunk flush… and hacking security researchers

A security threat researcher is badly hacked in a revenge attack. Some people want to save Adobe Flash, but is that wise? And a poorly-secured electronic billboard starts displaying offensive images…

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Ex-FireEye intern escapes prison sentence after creating and selling Dendroid malware

Morgan Culbertson, the ex-FireEye intern who created and sold Android spyware, says he’s very sorry.

LatentBot malware opens a backdoor on the finance industry

Security researchers have uncovered the LatentBot malware, a sophisticated and unusual attack that is using multiple levels of obfuscation to target companies in the financial and insurance industries around the world.

David Bisson reports.

Researcher demands FireEye pay up for zero-day vulnerabilities or suffer his ‘cold silence’

A security researcher has demanded that FireEye pay him for several zero-day vulnerabilities he found in the firm’s security products, and he has threatened that he will otherwise remain silent about the bugs’ details.

David Bisson reports.

Zero-day vulnerabilities reportedly found in Kaspersky and FireEye security products

This weekend, vulnerability researchers have separately disclosed flaws in products from Kaspersky and FireEye that could be exploited by malicious hackers.

FireEye intern created and sold Dendroid malware

Everyone loves a good conspiracy theory.

But people in the anti-virus industry don’t write and sell malware. At least, not usually.

New ways to attack iPhones exposed – make sure you update to iOS 8.4

This week Apple has released the latest version of iOS for iPhone and iPad users – iOS 8.4 – introducing Apple Music.

But there are serious security reasons why you should update your iDevices too.

Thousands of popular iOS and Android apps hit by FREAK flaw

Some of the most popular Android and iOS apps remain impacted by the FREAK flaw, and could open the door for hackers to steal passwords and personal information.

How to recover files from a CryptoLocker attack – for free!

Boffins have created a free service to help anyone has fallen foul of the notorious CryptoLocker ransomware that encrypts computer files and demands a ransom be paid for the decryption key.

New zero-day exploit attack sees Internet Explorer in the line of fire. No fix from Microsoft yet

A new zero-day vulnerability has been found in all versions of Internet Explorer, and it is being actively exploited in targeted attacks according to security firm FireEye.

Adobe Flash zero day exploit patched, after foreign policy websites compromised

Adobe Flash users are once again being told they need to update their software, after a new zero-day exploit was discovered.

The critical security flaw in in Adobe Flash Player was uncovered after hackers targeted visitors to a number of different foreign and economic policy websites dealing with matters of national security.

Windows XP users warned of new, in-the-wild, zero-day attack

If you’re one of the many people still running Windows XP on your computer, be on your guard.

Microsoft to patch actively-exploited zero-day flaw on Tuesday

Microsoft has a fix already prepped, for an attack that has seen malware load directly into computers’ memory, bypassing the hard drive.

“Diskless” Internet Explorer zero-day attack discovered in the wild

Researchers have warned of new zero-day vulnerabilities in versions of Internet Explorer that are being actively exploited to infect computers in drive-by attacks.

Microsoft zero-day was used in Citadel Trojan campaign, as well as targeted attacks

FireEye says it has uncovered evidence that the recently-announced Microsoft zero-day vulnerability is not just being used in targeted attacks, but also has been used in wider finanically-motivated malware campaigns.

Adobe investigates PDF Reader zero-day vulnerability reports

Adobe’s security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.

Always be wary of opening unsolicited PDF files!