Security

A couple of Android apps masquerading as cleanup tools actually had a sneakier mission in mind.

Uncovered last month by Kaspersky, two apps named Superclean and DroidCleaner posed as software that claimed to clean up your Android smartphone or tablet. Instead, these two were actually pieces of malware designed to snoop on your conversations by infecting your computer.

The programs worked by downloading files that automatically execute after plugging an Android device into a Windows PC, according to Kaspersky's blog. After executing, the malware would trigger the audio recorder function in Windows, write the information to a file, and … Read more

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more

Hot on the heels of reports from The New York Times and The Wall Street Journal, another storied U.S. newspaper -- The Washington Post -- has confirmed that it too was attacked by what it suspects were Chinese hackers. And a new book from Google's Eric Schmidt reportedly calls the Asian country "the most sophisticated and prolific" hacker of foreign companies.

In an article published today, the Post says attackers gained access to the paper's computer systems as early as 2008 or 2009 and that malware installed on the systems was neutralized in 2011 by … Read more

The Wall Street Journal said today that it's been the target of Chinese hackers stemming from its coverage of China, echoing reports from other news organizations.

Hackers infiltrated the newspaper's computer system through its Beijing bureau in order to monitor the paper's coverage of China, according to the report. Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones, issued a statement that said the hacks "are not an attempt to gain commercial advantage or to misappropriate customer information." The company completed a "network overhaul" on Thursday to increase security.

The … Read more

Internet and social media ranked at the bottom on a list of the most trusted industries for privacy, according to the Ponemon Institute.

Released yesterday, Ponemon's "2012 Most Trusted Companies for Privacy" was compiled from a survey of U.S. adults asked to name the five companies they trust the most to protect the privacy of their personal information.

Based on more than 6,700 responses, the Top 20 list did not include several tech players that had been on it in past years.

Apple failed to make the list for the first time in four years. … Read more

One of the safest and simplest computer-security measures available is also one of the least used. Two-factor authentication adds a layer of protection to the standard password method of online identification. The technique is easy, relatively quick, and free. So, what's the problem?

Critics are quick to point out the shortcomings of two-factor authentication: it usually requires a USB token, phone, or other device that's easy to lose; you sacrifice some privacy by having to disclose your telephone number to a third party; and it is subject to man-in-the-middle and other browser- and app-based attacks.

Still, for online … Read more

Common bugs in networking systems are placing PCs, printers and storage devices at risk, according to security researchers.

According to the security team at Rapid7, technology used worldwide in both routers and standard networking equipment is making it possible for hackers to potentially infiltrate approximately 40 million to 50 million devices worldwide.

The vulnerability lies in the standard known as Universal Plug and Play (UPnP). This standard set of networking protocols allows devices such as PCs, printers and Wi-Fi access points to communicate and discover each other's presence. After discovery, devices can be connected through a network in order … Read more

Wickr (download) gained new secure sending and subsequent self-destructing powers in a big update to the encryption and security app today, perhaps not coincidentally Data Privacy Day.

There are four new features in the app. You can now send and subsequently self-destruct images and PDFs from Google Drive, Dropbox, and Box to other Wickr users, which expands the limits of the original send-and-self-destruct feature. You can also send up to three 30-second videos, up to 5 MB, per message. Audio messages, which function like voice mails, have been extended to 30 seconds long, as well.

Wickr can now connect to … Read more

Cyberattacks and data breaches are becoming a common occurrence worldwide.

When it takes little more than a script kiddie or a downloadable toolkit to cause havoc in corporate systems -- or even transform a governmental Web site into a game of Asteroids as part of a protest, governments are in serious trouble unless they begin to invest more in the future of their digital defense.

When Anonymous recently took down the U.S. Sentencing Commission's Web site through code distributed by the hacktivist collective for "Operation Last Resort," ussc.gov was transformed much to the amusement of … Read more