Emerging Threats News, Articles and Updates

AndroRAT exposes fragmented Android ecosystem vulnerabilities

A new version of a familiar menace, AndroRAT, has emerged from out of the trash to exploit long forgotten vulnerabilities.

GandCrab blends old and new threat resources as ransomware evolves

A ransomware threat called GandCrab emerged during the last week of January, which itself not that newsworthy. However, it's distribution method and ransom currency choice could be pointers to how 2018 ransomware will evolve.

Encryption protecting most mobile phones cracked

Computer security researchers say they have cracked the encryption algorithm used to protect most cell phone communications, potentially allowing attackers to listen in on the calls of billions of individuals.

"Nine-Ball" mass injection attack compromised 40,000 sites

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites, which are, in turn, infecting users with an information-stealing Trojan, according to security vendor Websense.

New Sality variant contains moneymaking twist

Users should be cautious of a new virus variant that leverages the old technique of file infection with the modern-day desire for financial gain, security researchers have warned.

New Symbian mobile malware in the wild

A new worm targeting mobile devices running Nokia's Symbian OS is spreading in China in a unique way: through malicious links contained in text messages.

2008: A year of cybercriminal innovation

With the emergence of new attack techniques and the reinvention of old ones, 2008 has been a year of cybercriminal innovation.

X-Force at mid-year: Cybercriminals get faster

Cybercriminals are adopting new automation techniques and improving on strategies that enable them to exploit vulnerabilities rapidly, a new study reveals.

Multiple vendors cooperate to issue DNS design flaw fix

A massive domain name server (DNS) design vulnerability that could permit cache poisoning - effectively allowing an attacker to direct users to the website of his choosing - is set to be fixed by an unprecedented synchronized series of multivendor patches.

Steganography harnesses VoIP networks

Steganography is an established technique to hide secret data inside normal data transmissions, but new techniques are being developed to hide packets inside routine VoIP traffic, and escape detection

Steganography developers turn their attention to hiding information in VoIP

The abundance of voice over IP equipment has led researchers to develop a range of techniques which, instead of hiding information in standard data traffic, will allow individuals to instead hide information in VoIP streams

Data watchdog admits to deluge of Central Government breach info

The Information Commmissioner's Office has revealed it has been voluntarily informed of a huge number of security breaches - mostly in Westminster - while it eyes up plans for a new law which could make the reporting of such incidents compulsory

PCI standard widened to include unattended point-of-sale terminals

Terminals such as those found in vending machines and on fuel pumps are to be included in additional guidelines to be written by the PCI Security Standards Council, producing extra demands on retailers

US Army set to hire internet spies

The American military is to increase its intelligence on the internet by hiring a contractor to analyse web pages, chatrooms and blogs on pertinent threats 24 hours a day

Europe just "weeks" away from data sharing deal with FBI

Brussels insiders have confirmed that the European Commission is nearing the conclusion of talks with the Americans over the provision of citizens' personal information to the FBI for terrorism fighting purposes

Microsoft presses deeper into security space

The software giant is spearheading its second global security initiative in a week, this time aiming to co-ordinate security response systems with other vendors

Case study: Deep inside the Serious Fraud Office's digital forensics unit

The SFO invited SC Magazine for a sneak preview of its recently revamped digital forensics unit, where scientists were hard at work dissecting and interrogating the latest mobile devices

Oyster card hackers may have their research blocked

Two Dutch academics who came to London last week to prove they could break the cipher behind London's Oyster travel card have been warned by the country's Government not to expose any secrets in their upcoming paper on the subject

Pacific island knocked off internet by DDoS attack

The Marshall Islands have been subjected to a prolonged bout of unexpected email traffic, preventing citizens receiving emails, but the reason for the attack remains unclear

Vulnerability in Adobe Acrobat leads to public exploit

Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that is already being exploited in the wild

ESET launches anti-malware for Windows Mobile

The security company has released a free beta version of a software product which aims to prevent malware from infecting Windows Mobile devices

Trend Micro takes security into the cloud

The software vendor has unveiled its new approach to internet security, which means transferring the workload off individual PCs and into the internet

Coffee drinkers in peril after espresso overspill attack

A geeky risk advisory manager from global accountancy firm BDO has hacked into a leading coffee machine, causing it to pour scalding water onto unsuspecting espresso lovers

Stolen data found on international crimeservers

Two crimeservers containing half a gigabyte of stolen data have been discovered in Argentina and Malaysia; the data was likely being made available to the highest bidder

Interview: Louise Bennett

As the chair of the security forum at the British Computer Society, Dr Louise Bennett has an excellent bird's eye view of what's going wrong with the nation's security, as she tells SC Magazine

Symantec pledges support to under-fire malware tests

The security vendor says it's "absolutely" committed to the VB100 anti-malware tests, following Trend Micro's announcement of a boycott earlier this month

Ministry of Defence to bolster internet intelligence

The MoD is increasing its focus on online intelligence gathering - partly by using information from newspapers and blogs - and admits it needs to start exploiting data held in networks owned by other countries

Securing businesses is "extremely challenging", claim UK bosses

British businesses are finding that protecting their organisations from hackers, social networking threats and browser vulnerabilities is an increasing struggle, according to research

Motorola RAZR found vulnerable to JPEG attack

Hackers could run malicious code on the RAZR device by sending a corrupt image by MMS, according to an advisory from TippingPoint

ENISA warns Europe to step up to prevent 'digital 9/11'

The European Commission's security advisor says that imbalances between member states must be ironed out and the reporting of security breaches must become mandatory in order to tackle the threat of cyberattacks