 Social Networks

Botnets: The backdoor to the enterprise network

Tomer Teller, security researcher and evangelist at Check Point Software Technologies • May 21, 2012

Compromising anywhere from a few thousand to well over a million systems, botnets are used by cyber criminals to take over computers and execute illegal and damaging activities.
 

Facebook, trust and security

David Harley, ESET senior research fellow • April 04, 2012

Trusting the good intentions of an agency shouldn't carry an automatic assumption that what they do or say, or where they say it, is always good for you.
 

Kelihos lives on thanks to Facebook trojan

March 29, 2012

After being "sinkholed," the Kelihos.B botnet has been reconfigured and is spreading through social networking sites.
 

Sponsored Video: Stephen Cobb of ESET on RSA 2012 hot topics

March 05, 2012

Stephen Cobb, security evangelist at ESET, discusses the hot topics at this year's RSA Conference 2012, including BYOD, attacks on social networks, and resource challenges in today's economy.
 

Twitter acquires web malware fighter Dasient

January 24, 2012

Twitter, a hotbed of malware due to its extreme popularity, has made one of its first-ever security acquisitions with the purchase of Dasient.
 

New Ramnit variant steals Facebook logins

January 05, 2012

A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.
 

Twitter buys Whisper Systems for Android security

November 28, 2011

Twitter has acquired a start-up that makes security and management solutions for Android devices.
 

Privacy, identity, and the Nym of the Rose

David Harley, ESET senior research fellow • November 22, 2011

Anonymity and pseudonymity: A once and future thing.
 

Facebook identifies porn spam perpetrators

November 18, 2011

The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
 

Microsoft YouTube channel hacked

October 24, 2011

Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
 

Podcast: Automating social engineering

October 21, 2011

The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.
 

USA Today Twitter account hacked by The Script Kiddies

September 26, 2011

The Twitter account belonging to the USA Today was hacked over the weekend by a group called The Script Kiddies. In tweets posted from the compromised account, the hacktivist group bragged about past hacking feats, and urged users to "like" them on Facebook and vote on who they should infiltrate next. It is unclear how the hackers were able to commandeer control of the account. The same group also claimed responsibility earlier this month for hacking the NBC News Twitter account and sending a series of erroneous tweets. In that case, a trojan permitted the takeover.
 

Who missed Facebook's bounty party?

Sean Martin, founder, imsmartin consulting • August 12, 2011

Facebook should use its recently announced vulnerability bounty program to push for more security in third-party applications that run on the site.
 

Anonymous plan to "kill" Facebook may be fake

August 10, 2011

One of the more prominent members of the Anonymous hacking movement has shot down reports that the group is planning to take down Facebook on Nov. 5. "Sabu" tweeted Wednesday that the so-called OpFacebook is a hoax. His claim was backed up by AnonOps, considered the most reliable Anonymous news source on Twitter. It is possible splinter members are planning the attack, which is being launched over allegations that Facebook provides information about its users to government agencies and security firms, according to a YouTube video posted in mid-July. The Nov. 5 date is known as Guy Fawkes Day to commemorate the capture of the British revolutionary who plotted to blow up the House of Lords.
 

FTC finalizes settlement with Twitter over privacy

March 15, 2011

The Federal Trade Commission late last week finalized a proposed settlement with Twitter, resolving charges that the social networking site failed to properly safeguard the data and privacy of its users. As part of the settlement, announced in June, Twitter must create and maintain a comprehensive information security program and submit to a third-party audit biennially for 10 years. Twitter was also barred for 20 years from misleading consumers about its security and privacy protections. Each subsequent violation may result in a penalty of up to $16,000. - AM
 

Cyberwar PsyOps: Islamic suffrage and social media

Charles Jeter, ESET cybercrime investigator • January 28, 2011

What cyberwar psychological operations are now being conducted by women? How can information businesses be adaptable for changes which may be trending in a new Middle East? Part four of a series.
 

Cyberwar PsyOps Analysis: Egypt 2011

Charles Jeter, ESET cybercrime investigator • January 28, 2011

#OpEgypt and #Jan25 lead in this cyberwarfare analysis on psychological operations using social media. The old-school mobile phone is now the instrument of real-time sitreps. Will cellular network technology be the next risk for state-sanctioned cyberwarfare? Part three of a series.
 

The time axis of evil: phishing's golden hour

Charles Jeter, ESET cybercrime investigator • December 22, 2010

Five steps any size business can employ today to crush phishing risks.
 

Stuxnet's persistent legacy: Cybersecurity is blended security

Charles Jeter, ESET cybercrime investigator • December 09, 2010

Were cybersecurity and Stuxnet involved with Iranian Prof. Shahriari's recent assassination? What are the game-changing physical security considerations for chief information officers?
 

Social networks: Criminal enterprise, Pt. 2

Charles Jeter, ESET cybercrime investigator • December 01, 2010

Some low-level criminal networks have profiles in everyday social networks. Would researching these profiles during cyber intrusion research risk tipping off the bad guys?
 

Scammers ready to pounce on Cyber Monday deal-hunters

November 23, 2010

Social networking sites and search engines are expected to be hit hard as cybercriminals try to wrangle in unsuspecting holiday shoppers.
 

New malicious email campaign targets Facebook users

November 19, 2010

A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK
 

Firefox add-on allows session hijacking of popular sites

October 26, 2010

A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.
 

Twitter recovers after second worm attack in a week

September 27, 2010

Twitter is cleaning up from another fast-spreading worm that forced users to tweet out a graphic message.
 

Twitter hole patched

September 22, 2010

A flaw allowing JavaScript code to appear in tweets was plugged Wednesday morning by engineers at Twitter.com. The far-ranging cross-site scripting attack, which reportedly originated as a harmless, proof-of-concept attack by an Australian teenager, was estimated to affect more than 500,000 users of the social network site. The attacks exploited a common JavaScript feature, onmouseover, that allows programmers to create discrete actions when users move their mouse cursor over an area of a web page. The worm allowed attackers to infect a user's account, as well as those of their followers. - GM
 

Twitter fixes XSS flaw after being exploited

September 08, 2010

Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that since has been fixed, according to security researchers.
 

Facebook unveils new logout capability

September 03, 2010

Facebook on Thursday announced the launch of a new security feature that allows members to log out of any active sessions from a central control. The function is aimed at users who may have accidentally remained logged in when using a computer or mobile device that wasn't their own. However, according to a Facebook Security blog post, the feature also can be used to sign off individuals who may have gained unauthorized access to an account. The new tool complements a feature announced in May that allows users to approve the devices that can access their accounts. — DK
 

Spammers inundate Apple's new social media service Ping

September 03, 2010

Apple's new social media service Ping already is being abused by spammers, security experts are warning.
 

Fake TweetDeck update on Twitter leads to trojan

August 31, 2010

Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.
 

Facebook "dislike" button scam spreading

August 16, 2010

The latest scam to hit Facebook is trying to trick users into spreading spam with the offer of a "dislike" button, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Monday. Many users have been clamoring for such a capability, as they could use the button to give a thumbs-down to other posts, links or uploads of which they are not fond. A "like" button already exists. The scam entices users to click on a link and install a rogue Facebook application, Cluley said. If the app is given permission to run, it posts spam messages from the user's account and prompts them to complete an online survey that makes money for the perpetrators. — AM