Security

Oracle databases easy to hack, says researcher

A researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.

"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and …

Cyberspying effort drops 'Mirage' on energy firms

Researchers have uncovered a new cyberespionage campaign being waged on a large Philippine oil company, a Taiwanese military organization and a Canadian energy firm, as well as targets in Brazil, Israel, Egypt and Nigeria.

The malware being used is called "Mirage" and it leaves a backdoor on the computer that waits for instructions from the attacker, said Silas Cutler, a security researcher at Dell SecureWorks' Counter Threat Unit (CTU).

Victims are carefully targeted with so-called "spear-phishing" e-mails with attachments that are "droppers" designed to look and behave like PDF documents. However, they are actually …

iOS 6 allows tweets, Facebook posts from locked device

Upgrading to iOS 6? Be careful about leaving your locked iPhone unattended unless you change some settings. Otherwise an unscrupulous stranger could order Siri to send tweets and Facebook posts from your account that you didn't make -- even if your phone is locked.

Apple has added the ability for Siri to interact with Twitter and Facebook from the lock screen, just like you can use Siri to send text messages and e-mails and make calls on a locked device running iOS 5. If you don't want Siri to conduct these sorts of activities while the device is …

iPhone 4S, Samsung Galaxy S3 hacked in contest

Dutch and British hackers compromised an iPhone 4S and a Samsung Galaxy S3, respectively, in separate gambits as part of a mobile Pwn2Own contest at a security conference in Amsterdam this week.

Joost Pol, chief executive officer of Dutch research firm Certified Secure, and colleague Daan Keuper created an exploit that allowed them to hijack the address book, photos, browsing history and videos from a fully patched iPhone 4S at the EuSecWest conference, according to CNET sister site ZDNet. And that effort has implications for Apple's new iPhone 5.

"We specifically chose this one because it was present …

Microsoft issues fix for IE hole; full update coming Friday

Microsoft today released so-called "Fix It" software that will protect Windows users from a critical Internet Explorer hole being exploited in attacks until the company releases a cumulative update for IE on Friday.

The Fix It tool "is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the Web, and it does not require a reboot of your computer," Yunsun Wee, Trustworthy Computer Director at Microsoft, said in a blog post. "This will not only reinforce the issue that the Fix It addressed, but …

Chase site hiccups following similar Bank of America issues

The main site for Chase bank was temporarily inaccessible for some today, one day after Bank of America's online banking site had intermittent outages.

"*ALERT* Chase Online is working, though some customers may not get in on the first try. We appreciate your patience as we work through this," the Chase Twitter account tweeted this afternoon.

This morning the message was: "Chase.com is experiencing intermittent issues. We're working to restore full connectivity and apologize for any inconvenience." CNET was unable to access the consumer banking site, Chase.com, but able to get to …

Bromium secures computers by holding apps in isolation

Some of the minds behind virtualization technology used by Amazon Web Services are launching new security software today called Bromium, which is designed to protect against attacks by keeping apps and their individual tasks separate from the operating system.

While traditional antivirus software prevents known malware from infecting machines, and firewalls block unauthorized packets from getting into the network, there isn't really a good solution for the biggest problem in security today -- the naive end user. An unwise click on a malicious attachment or URL is often the easiest way into an organization's network.

"We're …

Democratic senators call for 'cybersecurity' executive order

Two Democratic senators are urging President Obama to direct his administration to publish "advisory" guidelines through an executive order on cybersecurity.

In a letter (PDF) sent to the White House today, Delaware's Christopher Coons and Connecticut's Richard Blumenthal say it's time for an executive order "directing the promulgation of voluntary standards" by the Department of Homeland Security.

It's hardly clear that the vast Homeland Security bureaucracy -- which has received plenty of failing cybersecurity grades from congressional overseers -- is best-equipped to advise the private sector on how to secure networks and …

Two men plead guilty to hacking Subway stores

Two Romanian men pled guilty to working with others to hack into point-of-sale terminals at hundreds of Subway stores in the U.S. to steal credit card data from more than 146,000 accounts between 2009 and 2011, federal prosecutors said.

Iulian Dolan, 28, and Cezar Iulian Butu, 27, entered guilty pleas Monday in federal court to one count of conspiracy to commit computer fraud, the Department of Justice said in a statement.

Dolan also pleaded guilty to two counts of conspiracy to commit credit card fraud and has agreed to spend seven years in prison. He admitted helping the …

How to keep smartphone-using kids safe

Kids can't do it alone. Parents can't do it alone.

Making sure children have safe access to technology requires the participation of hardware vendors, app developers, service providers, educators, industry leaders, and the media. But ensuring the safe use of tech products by children begins and ends with parents.

They're the ones who gauge how much technology the child can handle, who establish the parameters for the child's use of computers and phones, and who keep a close-but-not-too-close watch on how the child is using the technology.

Monitoring your children's use of the family computer …