A controversial hacking company recently ran a competition offering $3m for up to three click-to-own exploits against Apple’s iOS. The exploits would be sold on to “eligible customers” only. The competition is now closed, but one exploit apparently met the grade and will earn $1,000,000. We investigate: what “click-to-own” means, why exploits of this sort...

Quiz time: You’re waiting for your train. You spot a flash drive on a bench. Do you: Pick it up and stick it into a device? Forensics the living daylights out of it to find the owner, opening text files stored on the drive, clicking on links, and/or sending messages to any email addresses you...

Facebook has announced that it will notify users it suspects are being targeted by nation states and urge them to take extra security precautions. Alex Stamos, Facebook’s chief security officer, explained the new notifications in a 16 October blog post, saying users will only receive the warnings if Facebook has strong evidence suggesting they are...

Love it or hate it, if you’re an Anglophone, you’ve probably heard of it. The UK’s Daily Mail, or, more precisely, the web-based Mail Online, is said to be the world’s busiest English-language news site. Despite its British origins, and its UK flavour, 70% of its traffic is said to come from outside the British...

Get ready! We’re about to run the gauntlet of Mactivists, and we’d love you to join us. The story is a simple one: Apple released updates for iMovie and iWork this week (get ready for about 1GB of download in total), bumping up the middle digit of the products’ version numbers. Keynote on OS X,...

If you’ve ever fallen into the work-day habit of opening random programs (.EXE files) that came in via email, you’ve probably ended up in trouble with IT. Or looking for another job. Legitimate software hardly ever gets distributed by email, so those .EXE attachments are almost always malware: viruses, worms, password stealers, ransomware, banking Trojans,...

This week sees the 25th Virus Bulletin conference, which takes place in Prague from 30 September to 2 October. We spoke to Virus Bulletin’s editor, Martijn Grooten, about how threats have changed over the last 25 years. My colleagues and I have been very busy preparing for this week’s 25th annual Virus Bulletin International Conference, but on the occasion...

We’ve written several reports over the past year about a malware toolkit that uses Microsoft Word as its delivery vehicle. The idea is to package malware inside a Word document in such a way that the file looks innocent, with no macros (Word program code), no embedded programs, or other content that might make a...

You’ve probably read all sorts of to-and-fro about Apple’s App Store this week. Until now, the App Store has been to the malware scene what the planet Earth was to Douglas Adams’s HHGttG: Mostly harmless. That changed a few days ago, when Palo Alto networks published a series of articles about malware that had shown...

As you probably heard, Facebook recently announced that it is working on a “Dislike” button at last. Well, perhaps not exactly a Dislike button, or perhaps not only a Dislike button, but something beyond just good old “Like”, anyway. And “Dislike” was definitely one of the, errr, likely and well-liked possibilities in Mark Zuckerberg’s recent...