Category Archives: Security News

Widespread exploit kit, ransomware program, and password stealer mixed into dangerous malware cocktail

Cybercrime group combines Pony, Angler and CryptoWall 4.0 in a single campaign

Credit: Gerd Altmann / Pixabay
An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.

The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.

Millions of smart TVs, phones and routers at risk from old vulnerability

The finding highlights problems around less rigorous patching by manufacturers.

Trend Micro says up to 6.1 million devices, including this smart TV, haven’t patched a software vulnerability dating from 2012.

Credit: Trend Micro

A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn’t been patched by many vendors, thus posing a risk, according to Trend Micro.

No more security fixes for older OpenSSL branches

Support for the 0.9.8 and 1.0.0 branches of OpenSSL will end on Dec. 31

Digital key Credit: IDGNS
The OpenSSL Software Foundation has released new patches for the popular open-source cryptographic library, but for two of its older branches they will likely be the last security updates.

This could spell trouble for some enterprise applications that bundle the 0.9.8 or 1.0.0 versions of OpenSSL and for older systems — embedded devices in particular — where updates are rare.

Ransomware and scammy tech support sites team up for a vicious one-two punch

One holds your files hostage, the other overcharges to fix nonexistent computer problems.

Credit: Symantec
Symantec has seen a curious fusing of two pernicious online threats, which would cause a big headache if encountered by users.

Some websites offering questionable tech support services are also dishing up ransomware, which locks up a users files until they pay a fee to decrypt them.

VPN bug poses privacy threat to BitTorrent downloaders

The bug could be used to unmask a computer’s real IP address

Credit: Wikimedia Commons
A bug affecting some VPN services can be used to figure out a computer’s real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk.