Articles about Security Software

Silhouette of spy discerning password from code uses a command on graphic user interface

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017

Oh Britain. Worried your routers will be hacked, but won't touch the admin settings

Recent Mirai-style attacks against home broadband routers have had some effect but the majority of users have failed to act. A survey of 2,000 broadband users found the majority (53 per cent) have not changed the Wi-Fi password and other default settings, potentially opening themselves up to attack. The poll by ISP comparison …
John Leyden, 11 Jan 2017
flaw

Fatal flaw found in PricewaterhouseCoopers SAP security software

A security tool built for SAP systems by PricewaterhouseCoopers has turned out to have worrying security holes of its own. German security research firm ESNC has been analyzing the Automated Controls Evaluator (ACE), which extracts relevant security and configuration data from an SAP system, analyzes it, and generates …
Iain Thomson, 09 Dec 2016

Trend Micro AV nukes innocent Sharepoint code, admins despair

Trend Micro's antivirus software has flagged benign Sharepoint code as potentially malign and nuked the files, causing the Microsoft package to fall over. After installing a dodgy update, Trend's OfficeScan tool removes a harmless JavaScript file from Sharepoint, leaving crashing servers in its wake. Aggrieved admins have …
John Leyden, 08 Dec 2016

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Flaws in security products are among the most commonly encountered desktop software vulnerabilities, according to a new study. Eleven of the 46 products that made it into monthly top 20 most vulnerable product charts between August and October were security packages, Secunia reports. Products from vendors including AlienVault …
John Leyden, 29 Nov 2016
Sheaf of £50 notes poised on the rim of a toilet bowl as toilet is flushed. Collage of two photos sourced from Shutterstock

Ransomware scams cost Brits £4.5m per year

More than 4,000 Brits have had their computers infected with ransomware this year, with over £4.5m paid out to cyber criminals, according to Action Fraud. Ransomware is a type of malware that encrypts files of infected PCs before demanding an extortionate payment for the encryption key needed to recover data. The malware …
John Leyden, 28 Nov 2016
letters stuffed in a mailbox. Photo by SHutterstock

Snail mail thieves feed international identity theft rings say Oz cops

You may run security software, encrypt everything, protect your very complex passwords and use two-factor authentication for everything, but the humble mailbox and the snail mail it contains can still see your identity stolen. So say Police in the Australian State of New South Wales, where Fraud and Cybercrime Squad detectives …
Simon Sharwood, 23 Nov 2016

Symantec doubles down on consumer security by buying LifeLock

Symantec has bought identity theft protection firm LifeLock for $2.3bn. The deal, announced Sunday, represents a brave bid by Symantec to shore up a consumer security business eroded by dwindling anti-virus sales. Selling Norton consumer security alongside identity protection and remediation services from LifeLock will enable …
John Leyden, 21 Nov 2016

Adult FriendFinder users get their privates exposed... again – reports

Hundreds of millions of Adult FriendFinder (AFF) accounts appear to have been exposed once again. A database of usernames, emails, and passwords of footloose and fancy free members, along with those from associated websites, has leaked and surfaced online. The breach has not been confirmed by the site’s parent company …
John Leyden, 14 Nov 2016
Embarrassed/exhausted man sits in front of laptop in hipstery office. Photo by Shutterstock

Pay up or your data gets it. Ransomware highwaymen's attacks on small biz octuple

Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the same quarter last year, according to stats from Kaspersky Lab. Kaspersky Small Office Security thwarted 27,471 attempts to block access to corporate data in Q3 2016, compared to 3,224 similar attacks in Q3 2015. Ransomware makes …
John Leyden, 14 Nov 2016
London financial centre gherkin etc. photo by shutterstock

Losses and sales up, shares down at Sophos

Losses at London Stock Exchange-listed Sophos have gone up despite increasing sales. For the six months up to 30 September, revenues were $256.9m (£207.4m) compared to $234.2m in the same period a year ago. Losses, however, widened from $13.4m to $24.6m on rising R&D costs and more recurring business. Unified Threat …
John Leyden, 09 Nov 2016
stack of newspapers

Ransomware victims screwed

Many ransomware victims fail to get their documents back even if they have paid off cybercriminals. More than a third of marks – 36 per cent to be exact – choose to pay a ransom to unscramble their files after a ransomware infection, but one in five folks still don’t get their information restored, according to new research by …
John Leyden, 01 Nov 2016

Nymaim malware got a major 'upgrade', says Verint

The miscreants behind the Nymaim malware dropper have updated their code to include better obfuscation and blacklisting against security software. Analytics outfit Verint, which discovered the latest version and offers its analysis here, says the new code base targets phishing rather than the drive-by-download approach …
container_ship_hamburg_shutterstock_648

Tenable ate FlawCheck for DevOps enhancement

In order to remain tenable as the security market adjusts to software containers, Tenable Network Security, based in Columbia, Maryland, has acquired FlawCheck, a San Francisco-based company founded last year to make Docker containers more secure. Renaud Deraison, CTO and cofounder of Tenable, contends that information …
Thomas Claburn, 26 Oct 2016
Snake oil salesman

Kids today are so stupid they fall for security scams more often than greybeards

Millennials are more likely to fall for tech support scams than baby boomers, Microsoft says. The findings are revealed in a recent Microsoft study that saw it poll peeps in the United Kingdom, the United States, Australia and nine other countries. Redmond's not revealed the number of respondents. Tech support scams take on …
Darren Pauli, 20 Oct 2016
man reads tablet on the toilet. Photo by Shutterstock

It's finally happened: Hackers are coming for home routers en masse

Cybercrooks are increasingly targeting routers in consumers’ homes. Fortinet reports that attacks of this type have regularly figured as entries in its daily top 10 IPS (intrusion prevention system) detection list over the last three months since July. The security vendor reckons that home routers have become a favoured target …
John Leyden, 19 Oct 2016
Embarrassed/exhausted man sits in front of laptop in hipstery office. Photo by Shutterstock

Email security: We CAN fix the tech, but what about the humans?

Last month’s Mr Chow ransomware attacks serve as a timely reminder that security should be at the top of any business IT strategy. Ransomware is on the increase, at least according to the FBI and while it is not all email borne, it is an example of how sophisticated hackers and criminals are getting with technology. Certainly …
Parachutists and cloud image via Shutterstock

Trust the cloud, we’re getting the hang of securing it, says Unisys security chief

IPExpo Everyone’s starting to believe in public cloud but security remains an uphill battle, Unisys’ chief trust officer Tom Patterson told The Register this morning. “There are no four walls any more,” he said, sipping a cappuccino in London’s ExCel conference centre and referring to the traditional security model where threats were …
Gareth Corfield, 06 Oct 2016

Sophos to drop Quadsys after Five Avoid Jail

Sophos has finally “discontinued” its relationship with security reseller Quadsys after five of its staffers, three of whom were directors of the company, were sentenced for offences committed under the Computer Misuse Act last Friday. The Quadsys Five were first charged in August 2015, but while some vendors were quick to …
Crown courtroom. Pic: Shutterstock

Quadsys Five walk free after hacking rival company

Five senior staffers at security reseller Quadsys managed to avoid imprisonment today. The Quadsys Five walked free from Oxford Crown Court this afternoon after a sentencing hearing - they had pleaded guilty in July to charges of securing unauthorised access to computer material, contrary to section 1 of the Computer Misuse …
Game of Thrones

Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers

Cybercriminals are hawking their claimed ability to exploit newly introduced biometric-based ATM authentication technologies. Many banks view biometric-based technologies such as fingerprint recognition to be one of the most promising additions to current authentication methods, if not a complete replacement to chip and PIN. …
John Leyden, 29 Sep 2016
Image by Lana839 http://www.shutterstock.com/gallery-2897530p1.html

Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
Darren Pauli, 27 Sep 2016
Man peers into fridge with odd look on his face. Photo by shutterstock

Printers now the least-secure things on the internet

The Internet of Things is exactly as bad a security nightmare as pessimists think it is, according to Bitdefender's Bogdan Botezatu. The senior threat analyst at the Romanian security software company called by to chat to Vulture South while in Australia (we were, I suspect, meant to discuss the company's 2017 launches, but …
Handshake

McAfee's back! Intel flogs security software biz, pockets $3.1bn

Intel is selling off a majority stake in its security software arm – formerly known as McAfee – to private equity firm TPG, which will rename itself to, er, McAfee. Chipzilla absorbed McAfee Inc in 2010 for $7.68bn, and in 2014 it phased out the McAfee brand name. According to Intel, that software division is today valued at …
Iain Thomson, 07 Sep 2016
A plate of horderves

Kaspersky Ireland R&D haus

Kaspersky Lab is opening a new R&D office in Ireland. With an initial investment of close to $5m, Kaspersky plans to create 50 new Dublin-based roles in the next three years. The new office will focus mainly on developing data analysis and machine learning technologies for the firm’s enterprise product line-up. The Russian …
John Leyden, 07 Sep 2016

Sophos Windows users face black screens after false positive snafu

Users of Sophos’s security software were confronted with a black screen on starting up their Windows PC over the weekend as the resulted of a borked antivirus update. The botched update meant that the Windows 7 version of winlogon.exe was incorrectly labelled as potentially malicious, resulting in chaos and confusion all …
John Leyden, 05 Sep 2016
A skull atop money

Cisco rewards massive profit jump with thousands of layoffs

Cisco is reporting record financial numbers on the same day it says it will cut 5,500 employees from its payroll. Switchzilla says that the move is part of its ongoing campaign to shift its focus from slinging networking hardware to providing software and services for enterprises moving to software-defined networks (SDN). CEO …
Shaun Nichols, 17 Aug 2016
'Mother' tattoo

Tech support scammers mess with hacker's mother, so he retaliated with ransomware

Vengeful security boffin Ivan Kwiatkowski has infected the computer of an Indian tech support scammer with the Locky ransomware. Kwiatkowski inflicted the virus on the scammers after they attempted to fleece his parents. The retaliatory strike was easy for the French malware analyst; during a phone call with the scammers he …
Darren Pauli, 17 Aug 2016

McAfee outs malware dev firm with scores of Download.com installs

McAfee says a software company with more than 50,000 downloads on sites such as Download.com is distributing web browser hijacking and fraud malware. Researcher Santosh Revankar says Lavians Inc is pushing the Bing.vc browser redirect and home page hijacker which creates seeming problems that the company then attempts to fix …
Darren Pauli, 11 Aug 2016
spy_eye_648

IT security splurge surge

Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 per cent over 2015, according to research and advisory firm Gartner. Consulting and IT outsourcing are the largest categories of spending on information security, but this is poised to change. In the run-up to …
John Leyden, 09 Aug 2016

Snitches get stitches: Little Snitch bugs were a blessing for malware

DEF CON A vulnerability in popular OS X security tool Little Snitch potentially granted malicious applications extra powers, undermining the protection offered by the software. Little Snitch reports in real-time the network traffic entering and leaving your Apple computer, and can block unauthorized connections. It is a handy …
John Leyden, 03 Aug 2016
Kaspersky image

Kaspersky so very sorry after suggesting its antivirus will get you laid

Kaspersky has apologized for displaying a sexist pop-up advert in its security software. It's not sorry about showing adverts on people's PCs, however. The Russian giant's desktop software suite flings adverts, er, news items about Kaspersky products at users who have already paid for its applications. On Friday, one of these …
Iain Thomson, 29 Jul 2016
Undrey http://www.shutterstock.com/gallery-950635p1.html

Security FUD and malware outbreaks boost Sophos' coffers

Revenues at Sophos were buoyed by the growing threat of ransomware and the like to its target mid-market customer base. For the quarter ending 30 June 2016, Sophos recorded revenues of $127.4m, 12.2 per cent up from the $113.5m its business brought in during Q1 2016. Kris Hagerman, chief executive officer, commented: "Our …
John Leyden, 28 Jul 2016

Bosses at UK infosec biz Quadsys confess to hacking rival reseller

Five men working at UK-based IT security reseller Quadsys confessed today to hacking into a rival's database. Owner Paul Streeter, managing director Paul Cox, director Alistair Barnard, account manager Steve Davies and security consultant Jon Townsend appeared before the beak at Oxford Crown Court. All five pleaded guilty to …
Paul Kunert, 21 Jul 2016

Flaws found in security products from AVG, Symantec and McAfee

Updated Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016

Carbon Black snaps up cloud-dwelling threat-sniffing 'next-gen AV'

Endpoint security firm Carbon Black has bought "next-generation antivirus" firm Confer. Financial terms of the deal, announced today, were undisclosed. Carbon Black plans to re-badge Confer’s security software as “Cb Defense” and offer it alongside its existing roster of application control, incident response, and threat …
John Leyden, 19 Jul 2016
virus_1_648

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016
Pokemon Go game

Silently clicking on porn ads you can't even see – this could be you...

Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. RiskIQ has found more than 215 unofficial versions of the app in more than 21 app stores. Separately security researchers at security software firm ESET warn that the first ever fake lockscreen app on the …
John Leyden, 15 Jul 2016

Symantec, Intel carve out diminishing slice of growing security market

Worldwide security software revenues rose 3.7 per cent to reach $22.1bn in 2015, according to analyst Gartner. Security information and event management (SIEM) remained the fastest-growing sub segment of the cybersecurity biz last year, experiencing 15.8 per cent growth. By contrast, consumer security software recorded a 5.9 …
John Leyden, 14 Jul 2016

Avast woos AVG shareholders with $1.3bn buyout offer

Avast is offering to buy anti-virus rival AVG for $1.3bn. AVG shareholders are being offered $25.00 per share in cash, a 33 per cent mark-up on the closing share price on Wednesday. AVG, Avast and rival Avira are the three main players in the market for freebie anti-virus scanners for Windows. All make their money by offering …
John Leyden, 07 Jul 2016
Curser icon over a news paper folded

Android 'ransomware surge'

Ransomware attacks on Android devices running Kaspersky Lab's security software increased almost four-fold in a little more than a year, we're told. File-scrambling malware attempted to infiltrate 136,532 Kaspersky-protected Android users' gadgets at least once between April 2015 and March 2016, compared to 35,413 users in …
John Leyden, 30 Jun 2016
sale

Intel mulls sale of Intel Security – reports

Opinion Intel is reportedly looking to offload its Intel Security arm. The IT giant is investigating options for Intel Security cyber security business, the FT reports. These options include selling off the security software business formerly known as McAfee that the chip-maker bought for $7.7bn back in August 2010. Intel is yet to …
John Leyden, 27 Jun 2016
band_aid_648

Libarchive needs patching again

Users, developers, sysadmins – World+Dog, really – need to get busy patching libarchive, after Cisco Talos researchers turned up three new vulnerabilities. Described here, the bugs all relate to input validation. CVE-2016-4300 is a heap overflow in its handling of 7zip files: a malicious file can cause an integer overflow, …

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Analysis Symantec’s deal to to buy Blue Coat, the controversial web filtering firm, for $4.65bn will bolster its enterprise security business. But some security experts are concerned about the potential for conflict of interest created by housing Symantec’s digital certificate business and Blue Coat’s man-in-the-middle SSL inspection …
John Leyden, 14 Jun 2016
Blue Coat

Blue Coat readies for IPO

Security company Blue Coat Systems, Inc says that it will soon go public with an initial public offering (IPO). The enterprise security software vendor said that on Thursday it officially handed over paperwork to the US Securities and Exchange Commission to announce its plans to enter the New York Stock Exchange under the …
Shaun Nichols, 03 Jun 2016

It's been a breach-tastic year. And Sophos sales were good, apparently

Operating losses at security software firm Sophos have grown in its first year as a listed company – despite increased sales and an encouraging outlook overall. For the year-ending 31 March 2016, Sophos recorded an operating loss of $32.7 million on revenues of $478.2m. This compares to a loss of $0.5m on revenues of $446.7m …
John Leyden, 26 May 2016
Vlera http://www.shutterstock.com/gallery-2241824p1.html

Compression tool 7-Zip pwned, pain flows to top security, software tools

Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-zip compression tool to stop attackers gaining full control of customer machines. Cisco security researcher Marcin Noga found and reported the holes to the maintainers of the open source 7-Zip platform …
Darren Pauli, 12 May 2016
Broken CD with wrench

Malware scan stalled misconfigured med software, mid-procedure

A user or reseller who couldn't be bothered configuring their antivirus properly has hit the headlines for interrupting doctors trying to insert a vascular catheter into a patient. As the FDA's Adverse Event Report says, an hourly malware scan stalled a Merge Healthcare Hemo unit, which collects patient vital signs, displays …
Hacker with face obscured, wearing a hoodie,  works in front of a bank of monitors. photo by Shutterstock

Finance bods SWIFT to update after Bangladesh hack

Security vendors are pushing for a more comprehensive revamp of the SWIFT international inter-bank financial transaction messaging system beyond a update prompted by an $81m hack against Bangladesh's central bank. The loss of $81m (part of an attempted $950m heist) in February’s Bangladesh cyber-heist – reckoned to be the …
John Leyden, 29 Apr 2016
Gary Kovacs, CEO of AVG. Pic: World Economic Forum

Mobile antivirus sales offset declining search revenues for AVG

The scourge of Android malware is helping to bolster the bottom line of security software firm AVG but the firm still ended up recording a slight decrease in profits. For the first quarter ending 31 March 2016, AVG posted revenues of $107.9m, compared to $102.8m in Q1 2015, a rise of five per cent. Sales from AVG’s emerging …
John Leyden, 28 Apr 2016