Earlier today we learned that a new API is bringing adblocking to Samsung's own mobile web browser. Adblock Fast was the first to take advantage of the new option and now, hot on its heels, comes the big guns -- Adblock Plus.

Today Samsung is rolling out an Android 6.0 Marshmallow update and once this has been installed, Adblock Plus can also be installed. The extension brings content blocking capabilities to Samsung's own web browser, but you'll have to jump through the relevant hoops to gain the privacy and bandwidth preserving capabilities.

Continue reading →

American email and web security firm AppRiver has released its end-of-the-year report, where it showcased a detailed analysis of malware and spam trends in 2015.

The report, entitled Global Security Report, says that the number of email messages containing malware doubled, year-on-year. From January to November, AppRiver quarantined 944 million messages, and in December alone, another 705 million.

Continue reading →

Trend Micro may still be smarting from the revelation that there was a serious vulnerability in its Password Manager tool, but today the security company warns of the dangers of sharing ransomware source code.

The company says that those who discover vulnerabilities need to think carefully about sharing details of their findings with the wider public as there is great potential for this information to be misused, even if it is released for educational purposes. It says that "even with the best intentions, improper disclosure of sensitive information can lead to complicated, and sometimes even troublesome scenarios".

Continue reading →

Around a year and a half ago, Symantec warned about the personal data stealing malware Android.Bankosy. Now the Trojan has been updated so it can steal passwords delivered via voice call-based two-factor authorization systems.

Such 2FA systems are often used by banks to communicate one-time passcodes to people. While these have usually been delivered via SMS, voice call delivery is becoming increasingly common. Malware makers are keen not to miss out on data stealing opportunities, and the Android.Bankosy introduces a call-forwarding feature that sends 2FA calls to a C&C server so the code can be intercepted and exploited.

Continue reading →

Cross-platform viruses and malware are something of a rarity, but now there's a first-in-its-class JavaScript-based ransomware that can infect Mac, Windows and Linux. Ransom32 uses the Node.js runtime environment running on the NW.js platform to burrow into the target operating system and hold files to ransom.

While on the face of it, this is just another example of ransomware that encrypts files and seeks Bitcoin payments to decrypt them, it is more than that. The NW.js framework not only allows for cross-platform infections, but also means it is harder to detect. Ransom32 bears some resemblance to CryptoLocker and has been dubbed Ransomware-as-a-Service.

Continue reading →

When I go to a hotel, there are plenty of things I worry about. Are there bed bugs? Was the prior guest disgusting? Dear God, is there room service? For the most part, I have satisfying hotel stays, as I check online reviews beforehand. Any mention of cigarette smells, high noise levels, or yellow stains on the sheets, and I move along.

Sadly, there is yet another thing to worry about -- malware. Yes, today, Hyatt Hotels announces that its payment processing was breached by malware. Sigh. This type of news is becoming too commonplace nowadays, and quite frankly, I am getting fed up.

Continue reading →

Oracle is about to issue a warning that Java users could be exposed to malware, the media have reported on Tuesday.

The exposure is the result of a flaw that existed in Java’s software update tool. After an investigation conducted by the US Federal Trade Commission, Oracle (Java’s distributor) has agreed to issue a warning over its social media channels and on its website, otherwise it would have been fined.

Continue reading →

Security experts from Panda Security warn that 2016 is set to be a bumper year of attacks and malware infections. The company says that malware will grow at "an exponential rate", with Android, mobile payment platforms, and the Internet of Things being key targets.

Business, individuals, and corporate users alike are at risk, and it is predicted that infections via JavaScript and Windows 10's Powershell are to be common attack vectors. Exploit kits are due to increase in popularity, largely because of the fact that it is not currently easy to combat them.

Continue reading →

While many detractors of iOS point to Apple's strict access to the App Store, others -- like me -- applaud it. While it might be harder to get an app approved for download in Apple's store, it is arguably more secure. Conversely, Google's Play Store can sometimes feel like the wild west. Sure, Apple's process is not infallible either, but many consider it to be the gold standard. Apple's stronger and more stringent screening process not only helps to block malicious apps, but weeds out low-quality offerings too. Overall, neither process is perfect.

Today, a startling discovery was made in the Google Play Store for Android. You see, a malicious app masquerading as a game made it past Google's security screeners, putting millions of users at risk. Had anti-malware company Lookout not discovered it, there is no telling how many Android users could have installed it.

Continue reading →

Networking manufacturer Juniper has discovered backdoors built into its firewalls. The company says that a number of its devices running the ScreenOS operating system include serious vulnerabilities that could be used to take remote control of networked devices, or to decrypt VPN traffic.

The company says that the security issues were unearthed during an internal code review and has issued an out-of-cycle fix to address the vulnerabilities. Network admins are advised to treat the threats seriously, and to make use of the available patches immediately.

Continue reading →

For the religiously-inclined the appeal of installing an electronic bible on a phone is (somewhat) understandable. But as well as providing a biblical fix when out and about, apps of a religious bent could also harbor a worrying payload.

The Threat Insight team from Proofpoint looked at thousands of iOS and Android apps, and found that a disturbing percentage of seemingly innocent apps pose a threat to users. Apps were found to include secret tracking components, as well as data-stealing elements and the ability to make unauthorized calls. The figures make for frightening reading.

Continue reading →

Security has long been an issue for Windows users. The sheer number of devices running Microsoft's operating system makes it a prime target for malware and virus attacks. More recently, Apple's computers have increased in popularity and security firm FireEye says that the company will find itself in the crosshairs in 2016.

It's not just Macs and MacBooks that are predicted to become more frequent targets, iOS is also expected to come under attack. FireEye warns that weaknesses have been found in Apple's walled garden, and this could spell danger for users. Symantec is issuing similar warnings, citing Apple's ever-growing user base as the reason.

Continue reading →

UK webhosting company Easily has emailed its customers to inform them that it has fallen victim to a malware attack. COO Edwina McDowall says that the assailant is, as yet, unknown but steps have been taken to eliminate the malware.

The company warns that all customers should change their passwords as a precautionary measure, but seeks to assure people that credit card details have not been compromised.

Continue reading →

Enterprise users are always looking for ways to protect their systems, and Microsoft recently unveiled a new opt-in feature to protect against Potentially Unwanted Applications (PUA). PUA is a broad term that covers everything from adware to browser extensions, and users of Windows 8 and Windows 10 can enable the feature to block such nasties at a download level.

PUAs are described by Microsoft as "a threat classification based on reputation and research-driven identification", and includes unwanted components bundled with legitimate software. Venture into the registry, and a tweak can be used to enable protection against such unwanted elements.

Continue reading →

A new form of malware that targets mass media agencies has been discovered by researchers at the US-based security firm FireEye. The malware was detected in Hong Kong where it was being used to target a small number of media agencies with the initial targets of the attack being newspapers, radio stations and television studios.

The malware leaves a user vulnerable by offering a backdoor to their system. The way in which this is achieved is unique because its command and control or C&C server is hidden inside Dropbox accounts. FireEye was able to trace the malware back to a group of hackers by the name admin@338, who is believed to have ties with the Chinese government.

Continue reading →