Category: blog
-
Olympic Games target of malware, again
The organisers of the Pyeongchang Winter Olympics have confirmed a malware attack against their computer systems. Though the attack affected the Wi-Fi during Friday’s opening ceremony and knocked the event’s website offline for a few hours, no permanent damage appears to have been done. Cisco Talos researchers Warren Mercer and Paul Rascagneres have performed a…
-
There are lessons to be learned from government websites serving cryptocurrency miners
This was awkward. On Sunday, the Information Commissioner’s Office (ICO), the UK’s data protection regulator and thus the public body that issues fines for data breaches, was found to be serving a JavaScript-based cryptocurrency miner on its website. The issue was first reported by security researcher Scott Helme, who discovered that the ICO wasn’t the…
-
There are lessons to be learned from government websites serving cryptocurrency miners
This was awkward. On Sunday, the Information Commissioner’s Office (ICO), the UK’s data protection regulator and thus the public body that issues fines for data breaches, was found to be serving a JavaScript-based cryptocurrency miner on its website. The issue was first reported by security researcher Scott Helme, who discovered that the ICO wasn’t the…
-
We need to continue the debate on the ethics and perils of publishing security research
At VB2015 in Prague, Juan Andrés Guerro-Saade, then of Kaspersky Lab , presented an important paper on the transformation of security researchers into intelligence brokers and how this changes the ethics concerning security research. The debate on how security companies in general and anti-virus products in particular should treat malware written for ‘good’ purposes has…
-
We need to continue the debate on the ethics and perils of publishing security research
At VB2015 in Prague, Juan Andrés Guerro-Saade, then of Kaspersky Lab , presented an important paper on the transformation of security researchers into intelligence brokers and how this changes the ethics concerning security research. The debate on how security companies in general and anti-virus products in particular should treat malware written for ‘good’ purposes has…
-
WordPress users urged to manually update to fix bug that prevents automatic updating
WordPress has long had a bad reputation in the security community. While this is understandable – compromised installations of the popular content management system are regularly used to spread malware and spam – it is also a little unfair, as the security of WordPress has improved a lot over the years. Indeed, exploitable vulnerabilities in the…
-
WordPress users urged to manually update to fix bug that prevents automatic updating
WordPress has long had a bad reputation in the security community. While this is understandable – compromised installations of the popular content management system are regularly used to spread malware and spam – it is also a little unfair, as the security of WordPress has improved a lot over the years. Indeed, exploitable vulnerabilities in the…
-
New paper: A review of the evolution of Andromeda over the years
In December last year, a joint operation involving law enforcement agencies and many security firms led to the dismantling of the Andromeda botnet, also known as Gamarue or Wauchos. Such takedowns have become a common feature in the fight against online crime, though there have been many instances where a disrupted botnet has subsequently been…
-
New paper: A review of the evolution of Andromeda over the years
In December last year, a joint operation involving law enforcement agencies and many security firms led to the dismantling of the Andromeda botnet, also known as Gamarue or Wauchos. Such takedowns have become a common feature in the fight against online crime, though there have been many instances where a disrupted botnet has subsequently been…
-
There is no evidence in-the-wild malware is using Meltdown or Spectre
Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…