Security researchers have looked at ways to abuse the domain-name service (DNS) for years. Now, some researchers are warning the protocol may increasingly be used to help criminals communicate with compromised systems. At the RSA Conference in February, a senior…
Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and using them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow…
In a recently discovered spam e-mail campaign promoting fake AV, the links in the messages take users to one of more than 300 compromised domains. Once users lands on the page, a JavaScript message warning about a “critical process activity”…
The most important tool consumers have to fight against ID theft has been turned against them by hackers, msnbc.com has learned. Websites that offer consumers a chance to see their credit reports are being brazenly used by hackers to steal…
Microsoft released six security bulletins to close seven holes. It said one of the bulletins (MS12-020), rated as critical, addresses two privately reported vulnerabilities in its implementation of the Remote Desktop Protocol (RDP). The first is a “critical-class” issue in…
A number of security-as-a-service applications — from Postini to OpenDNS to Zscaler — reroute domain-name system (DNS) requests through centralized servers or proxies to detect security threats and sanitize traffic before it reaches the client network. Yet proxies are not…
The week of January 30, Cisco Systems put out a field notice to customers using its Unified Computing System B440 server blades, stating the failure of a MOSFET power transistor on the blade can “cause the component to overheat and…
Microsoft suspended the search capability on its Safety & Security Center Web site after it was discovered cyber criminals poisoned the results with malicious links. Search result poisoning, technically known as black hat search engine optimization (BHSEO), is a common…
A plan to populate the Internet with hundreds or thousands of new top-level domains has security researchers pondering some of the unintended consequences that could be exploited by online criminals. Mayhem might result from addresses that end in “exchange,” “mailserver,”…
A backdoor was discovered in the source code of a widely used FTP package. Version 2.3.4 of the source code for vsftpd – billed as probably the most secure and fastest FTP server for Unix-like systems – was replaced with…