malicious
Latest
Facebook sues cloaking software maker for deceptive COVID-19 ads
ILikeAd used cloaking, as well as “celeb baiting.”
Philips patched a longstanding Hue bulb security flaw
Philips and its parent company Signify have patched another Hue smart light bulb vulnerability. Fortunately, the flaw was discovered by security researchers at CheckPoint Software, and it's unlikely that it was exploited in the wild. But this isn't the first time researchers have shown how smart home products, and Hue lights specifically, could give hackers access to entire home or business networks.
Nearly everyone in Ecuador is the victim of a data breach
A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
LastPass patched a bug that could have exposed your passwords
If you use LastPass to manage your passwords, now would be a good time to make sure you're running the latest version, 4.33.0. As Gizmodo reports, LastPass recently patched a bug that could have been used to compromise users' security credentials. The patch should have arrived automatically, but as a precaution, it's worth making sure you're running the September 12th update.
TrickBot malware may have hacked 250 million email accounts
TrickBot malware may have stolen as many as 250 million email accounts, including some belonging to governments in the US, UK and Canada. The malware isn't new. In fact, it's been circulating since 2016. But according to cybersecurity firm Deep Instinct, it has started harvesting email credentials and contacts. The researchers are calling this new approach TrickBooster, and they say it first hijacks accounts to send malicious spam emails and then deletes the sent messages from both the outbox and trash folders.
Samsung tweet suggests scanning your smart TV for malware every few weeks
This morning a Samsung customer support account tweeted an odd warning that, to prevent malicious software attacks on your smart TV, you should scan it for viruses every few weeks. It even included an instructional video to help you do so. The tweet, first spotted by The Verge, was short lived. Samsung has since removed it, but it existed long enough to raise a few red flags.
New Twitter users will have to verify a phone number or email address
Twitter has begun to acknowledge that it has persistent problems with malicious automation and spam accounts and it has been working on ways to fix these issues. Today in a blog post, the company shared some of its efforts as well as the progress it has made in some areas. First, it said that its machine learning tools have allowed it to spot more automated accounts without the need to rely on reports from others. Last month, Twitter said its systems "identified and challenged more than 9.9 million potentially spammy or automated accounts per week." A pace that's up from 6.4 million in December and 3.2 million last September. At the same time, reports of spam dropped from around 25,000 per day in March to approximately 17,000 per day in May.
Russian hackers had hundreds of US targets in addition to the DNC
Various US agencies continue to look into the role Russia played in last year's presidential election, and targets of those investigations include interactions between Trump advisors and Russian officials, ads purchased by Russian agents through social media sites like Facebook and Twitter and whether the Kremlin was involved in the DNC email hacks of last year. In regards to the latter, Russia has been suspected of being behind the hacks for quite some time and just this week, reports have surfaced that the US Department of Justice has pinpointed six Russian officials it believes to have been involved in the hacks. However, a report released today by the Associated Press suggests that the group behind the DNC email breaches actually had a much wider range of targets.
PlayStation Plus gets free Malicious, cheap Grand Theft Auto
This week's free North American PlayStation Plus game is Malicious, a third-person action game in which players defeat an eclectic collection of bosses and pilfer their powers. Meanwhile, the Spring Fever sale event continues for PlayStation Plus with a series-wide sale on the Grand Theft Auto games, including recent PS2 Classics GTA 3 (for under $5) and GTA: San Andreas (for under $8).
Demon's Souls pounces on PlayStation Plus today
The malignant majesty of Demon's Souls becomes free to North American PlayStation Plus members in today's PSN update. The servers for the From Software game are staying online for the foreseeable future, so there's no reason to pass on a PS3 game we described as a "leather-clad mistress" in our 2009 review - unless, perhaps... you're scared?Less sadistic Plus entries coming this month include Zombie Tycoon 2, which heads to PS3 and Vita via PSN on April 30, Malicious and Labyrinth Legends for PS3, and PSP game Soulcalibur: Broken Destiny for Vita. There are no PS Plus ETAs for those last three.As ever, new stuff coming in pushes old stuff back out. If you want to grab Spec Ops: The Line from PS Plus, today's your last chance to do so. Street Fighter 4: Arcade Edition dragon punches out on April 9, while Anomaly: Warzone Earth flees on April 16.Finally, today's PSN update brings discounts to The Walking Dead, Rainbow Moon, and the Söldner-X series, including the first season of Telltale's zombified adventure for $14.99, a price that drops to $10.49 with Plus. For all those deals, check out the PlayStation Blog.
Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition
The folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.
PSN action game 'Malicious' arrives in North America on July 24
We first heard about the PSN game Malicious back in 2010, when it was first announced for Japan. It's finally been announced for North America, and we don't have much more waiting to do – it's coming July 24, for $9.99.Malicious centers on a series of boss fights in which you employ a sort of magical scarf that can change shape into various melee or even projectile weapons. Like Mega Man, you can choose the order in which you face these boss battles – and like Mega Man, you absorb powers from defeated bosses.The version coming out here is for PS3. There's also a Vita version in Japan, but that has not been announced for North America.%Gallery-160171%
Google's 'Bouncer' service scans the Android Market for malware, will judge you at the door
Google has had its fair share of malware-related problems in the Android Market, but that's hopefully about to change, now that the company has announced a new security-enhancing service. Codenamed "Bouncer," Mountain View's new program sounds pretty simple, in principle: it just automatically scans the Market for malware, without altering the Android user experience, or requiring devs to run through an app approval process. According to Hiroshi Lockheimer, Android's VP of Engineering, Bouncer does this by scanning recently uploaded apps for spyware, trojans or any other lethal components, while looking out for any suspicious behavior that may raise a red flag. The service also runs a simulation of each app using Google's cloud-based infrastructure, and regularly checks up on developer accounts to keep repeat offenders out of the Android Market. Existing apps, it's worth noting, will be subject to the same treatment as their more freshly uploaded counterparts. Lockheimer went on to point out that malware is on the decline in the Market, citing a 40 percent drop between the first and second halves of 2011, and explained some of Android's fundamental security features, including its sandboxing and permission-based systems. Head for the source link below to read the post in full.
PS3 and Vita game 'Malicious' classified in Australia
Malicious, a PSN-exclusive boss rush action game (genre: "I'd like to speak to the manager, and then stab him."), may bring its concentrated quest and weaponized cloak to territories beyond Japan. The Alvion-developed project has been classified in Australia and attached to publisher Sony Computer Entertainment, making a localized version likely. The game's move to other markets could coincide with the upcoming Vita port, which was announced in August after the original launched on PlayStation 3. We've yet to hear any official details about a Malicious localization, but we've already started begging Sony to change the name and prevent confusion with our homoerotic "Firefly" fan novel.
PS3's 'Malicious' coming to PlayStation Vita with extra content
Malicious, Alvion's PS3-exclusive downloadable boss rush action game, whose protagonist fights using a shape-changing cloak, never made it out of Japan. We might get another chance to try it, as Alvion is working on a PlayStation Vita release. Andriasang reports, based on Famitsu magazine, that the Vita version will include unspecified new content. It'll be sold as a downloadable title much like the PS3 version; of course, since all Vita games will be downloadable, the only real distinction between what we think of now as "retail" or "PSN" games will be price tiers. The pricing hasn't been announced, but the PS3 version is ¥800 ($10). If it doesn't get an official localization this time, we'll just have to buy some Japanese PSN credit, we suppose.
More malware in the Android Market: Google removes 26 deleterious app doppelgangers
Ideally, we'd do our smartphone software shopping free from the specter of malicious apps masquerading as useful ones. This past weekend, however, 26 apps in the Android Market were discovered to be packing pernicious code called Droid Dream Light. Apparently, the dastardly devs who made the malware took existing apps and modified them to send details (including IMEI and IMSI info) about the infected handset to a remote server upon receiving a call. The code can also download and cue new package installations, but it needs user approval to do so. Google promptly pulled the offending apps, but their appearance serves as another reminder to be careful when downloading software on your smartphone -- prudence demands minding your app permissions, lest your little green bot start stealing your personal info.
Visualized: preconceived notions about personal computer security
See that chart up there? That's a beautiful visualization of a dozen folk models surrounding the idea of home computer security, devised by Michigan State's own Rick Wash. To construct it (as well pen the textual explanations to back it), he interviewed a number of computer users with varying levels of sophistication, with the goal being to find out how normal Earthlings interpreted potential threats to their PC. His findings? A vast amount of home PCs are frequently insecure because "they are administered by untrained, unskilled users." He also found that PCs remain largely at risk despite a blossoming network of preventative software and advice, and almost certainly received an A for his efforts. Hit the source link for more, but only after you've spiffed up, thrown on a pair of spectacles and kicked one foot up on the coffee table that sits in front of you.
Google flips Android kill switch, destroys a batch of malicious apps (update)
When 21 rogue apps started siphoning off identifying information from Android phones and installing security holes, Google yanked the lot from Android Market, and called the authorities to boot. But what of the 50,000 copies already downloaded by unwitting users? That's what Google's dealing with this week, by utilizing Android's remote kill switch to delete them over the air. But that's not all, because this time the company isn't just removing offending packages, but also installing new code. The "Android Market Security Tool March 2011" will be remotely added to affected handsets to undo the exploit and keep it from sending your data out, as well as make you wonder just how much remote control Google has over our phones. Yes, we welcome our new Search Engine overlords and all that, so long as they've got our best interests at heart, but there's a certain irony in Google removing a backdoor exploit by using a backdoor of its own -- even one that (in this case) will email you to report what it's done. Update: TechCrunch says there were 58 malicious apps and 260,000 affected phones in total.
Google spikes 21 malicious apps with big download counts from the Market (update: Android 2.2.2 and up are immune)
We're sure that the debate of a carefully controlled and curated environment like Apple's App Store versus a free-for-all like the Android Market will rage on for years to come, but here's something to chew on: Google just removed some 21 apps from the Market in the last day from a publisher going by Myournet for doing all sorts of naughty things to your device. Offenses include attempting to root your phone, uploading phone information (including IMEI) to who-knows-where, and -- most egregiously -- adding a backdoor that allows additional code to be pulled down and executed. At least some of the apps are pirated versions of existing apps that have been re-uploaded at zero cost to the user, which makes them appealing... and the trick apparently works quite well, because the 21 managed to clock over 50,000 downloads before getting taken down. This isn't the first time malicious apps have shown up on smartphones -- far from it -- but it's probably the highest-profile case of a first-party app store being infiltrated by really bad stuff. If there's a silver lining, it's that Google was extraordinarily quick to respond once Android Police reported the situation -- the site says it took less than five minutes from the time they reached out to the time the apps actually went offline. Still, that's little consolation if you've already installed your "free" copy of Super History Eraser. Hit the source links for the full list of pulled apps. Update: Android Central points out that the type of root exploit used in these apps was patched in Android 2.2.2 and up, so Nexus One and Nexus S owners should be fine; everyone else is left out in the cold, though, thanks to the vexing third-party update lag. Thanks, Z!
Google's paying $20,000 to hack Chrome -- any takers?
So far, Chrome is the only browser of the big four -- Safari, Firefox, and Internet Explorer being the other three -- to escape the Pwn2Own hacking competition unscathed the past two years. (Sorry Opera aficionados, looks like there's not enough of you to merit a place in the contest... yet.) Evidently, its past success has Google confident enough to pony up a cool $20,000 and a CR-48 laptop to anyone able to find a bug in its code and execute a clean sandbox escape on day one of Pwn2Own 2011. Should that prove too daunting a task, contest organizer TippingPoint will match El Goog's $10,000 prize (still $20,000 total) for anyone who can exploit Chrome and exit the sandbox through non-Google code on days two and three of the event. For those interested in competing, Pwn2Own takes place March 9th through 11th in Vancouver at the CanSecWest conference. The gauntlet has been thrown -- your move, hackers.
