Hackers sympathetic to ISIS may lack the funding and talent of government-sponsored hackers, but they merit attention because of their promotion of physical violence and ability to incite others via social media to target individuals or groups. A report today by security company Flashpoint points out that while these groups are not official members of...

The black market for malicious Android software is heating up thanks to a rise in popularity of overlay malware, which can siphon credentials off Android devices and give crooks a tool to defeat two-factor identification schemes, according to security researchers at IBM’s X-Force. Overlay malware allows attackers to create an overlay to be displayed on top...

Security experts are warning PC users of scareware computer utilities published by the French firm Tuto4PC that secretly bundle adware and spyware. Cisco’s Talos security research team said several of the company’s utilities, including OneSoftPerDay and System Healer, contain Trojans that exhibit “malicious intent and behavior.” Talos estimates 12 million users have been enticed to download one of...

Mozilla yesterday updated Firefox and patched 10 vulnerabilities, one which was rated critical. Firefox 46 also included patches for four vulnerabilities that Mozilla rated as high severity. Critical bugs enabled remote code execution without user interaction, while bugs rated high can be exploited to steal browser data or inject code into websites via the browser....

An obscure Windows feature known as hotpatching, missing in the OS since the introduction of Windows 8, is a preferred tool used by a resourced attack group called Platinum that was uncovered by Microsoft. The group has carried out targeted attacks in South and Southeast Asia since at least 2009, focusing primarily on government interests,...

With some members of the so-called Armada Collective in jail, another actor has decided to co-opt their technique of sending threatening DDoS extortion messages to businesses worldwide. Only difference is, this group isn’t following through with its threat, and it’s still collecting serious money. A blog post from CloudFlare CEO Matthew Prince says that the...

A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and unsupported Windows XP operating system. “This is a new and...

The effectiveness of bug bounty programs is difficult to deny, especially after adoption of one at Uber, which announced last month it would begin paying $10,000 for critical bugs, and the Department of Defense, whose Hack the Pentagon illustrates the government’s softening stance on hackers. The Massachusetts Institute of Technology announced this week that it will...

Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of the San Bernardino shooter? For some in the security community the answer is a resounding yes. For others, the answer is not so clear-cut. FBI Director James Comey said on Thursday the agency...

A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker. A researcher who requested anonymity found and privately disclosed the issue to Microsoft on Tuesday. It’s unknown whether Microsoft will patch this issue with...