The source code for the Carberp banking Trojan program is being offered for sale on the underground market at a very affordable price, which could result in additional Carberp-based financial malware being developed in the future, according to researchers from Russian cybercrime investigations firm Group-IB.
British intelligence agency Government Communications Headquarters (GCHQ) reportedly intercepted the electronic communications of foreign politicians during G20 meetings that took place in London in 2009.
At least two U.S. mobile operators, T-Mobile US and Verizon Wireless, reportedly do not participate directly in the U.S. National Security Agency's call metadata collection program because of their partial ownership by foreign telecommunication companies.
Data encryption could help enterprises protect their sensitive information against mass surveillance by governments, as well as guard against unauthorized access by ill-intended third parties, but the correct implementation and use of data encryption technologies is not an easy task, according to security experts.
A new batch of security updates released by Microsoft on Tuesday addresses a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers. The handling of digital certificates in Windows was also improved.
Users from Vietnam, India, China, Taiwan and possibly other countries were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.
A hacker released what he claims is a zero-day exploit for older versions of the Parallels Plesk Panel, a popular Web hosting administration software package, that could allow attackers to inject arbitrary PHP code and execute rogue commands on Web servers.
The Internet Systems Consortium (ISC), the organization that develops and maintains the widely used BIND DNS (Domain Name System) software, has patched a publicly disclosed vulnerability that can be used to remotely crash DNS servers running recent releases of BIND 9.
An ongoing cyberespionage campaign compromised over 350 high-profile victims from more than 40 countries over the past eight years, including political activists, research centers, governmental institutions, embassies, military contractors and private companies from various industries.
The first three months of 2013 have seen a surge in spam volume, as well as large numbers of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
Copyright 2013 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.