Viruses & Malware
Cyberattackers curious about the contents of users' hard drives will now have a tougher time finding that information, thanks to a new patch that Microsoft issued Tuesday in the latest round of "Patch Tuesday" bug fixes.
This iteration of Patch Tuesday fixes, which Microsoft releases on the second Tuesday of each month, was a relatively small one for the company, said Amol Sarwate, director of vulnerability research at IT research firm Qualys. This edition contains four bulletins covering 42 vulnerabilities.
Malicious advertisements have popped up on websites such as YouTube, Amazon and Yahoo, part of a sophisticated campaign to spread malware, Cisco said Monday.
When encountered, the malicious advertisements cause a person to be redirected to a different website, which triggers a download based on whether the computer is running Windows or Apple’s OS X, wrote Armin Pelkmann, a threat researcher.
SophosLabs has been following an interesting Android malware story over the past week.
The malware goes by the name XX神器 (XXshenqi) in Chinese, or the Heart App, as it calls itself in English.
In theory, the implication seems to be that you can use the app, which you receive as an SMS invitation from one of your friends, to organise a romantic hook-up. In practice, however, you and your friends will just end up with SMS headaches.
Synolocker crypto-malware affecting Synology network access (NAS) devices in particular, has hit the Faculty of Medicine of Chinese University and took hostage no less than 10,000 patient records.
It appears that the affected data belongs to the Centre for Liver Health and Institute of Digestive Disease at the Prince of Wales Hospital in Sha Tin, and the police confirmed that the crooks used Synolocker for the deed.
A new Android design error discovered by Bluebox Security allows malicious apps to grab extensive control over a user's device without asking for any special permissions at installation. The problem affects virtually all Android phones sold since 2010.
Bluebox calls the flaw "Fake ID" because it allows malware apps to pass fake credentials to Android, which fails to properly verify the app's cryptographic signature. Instead, Android grants the rogue app all of the access permissions of whatever legitimate app the malware claims to be.