A new malware was discovered by a security firm Lookout which has already infected millions of user phones via compromosed apps.

The malware called BadNews has spread through apps by pretending to be an ad platform to unsuspecting developers. As much as 32 apps from 4 developers have been affected and have since been removed from the Play store. It targets mostly Russian users.

BadNews is bad news because it fakes alerts in user’s phone and entice them to download more infected apps, subscribes them to premium sms services and sends the IMEI code to the malware creators.

The list of affected apps is available so you can check your installed apps against it to make sure your phone is not infected.

Microsoft has been rolling out a two step authentication process for their products starting April 17th. A two step authentication process already employed by companies like PayPal, Facbook, Google, Apple, is a process that besides the user password requires a one time verification code that could be sent to user’s phone via app or text message.

Microsoft is rolling out this option to such products as Office, Windows, Windows Phone, Xbox, and others. It improves the security against account hijacking and identity theft.

Oracle has released 128 security patches to a number of their products, including Java for web browsers. Most of the fixes relate to remote exploitation.

A few months ago Java web browser plugin has been exposed to have a zero-day vulnerability, and many end users were affected, including corporate networks.

It’s a good idea to keep the plugin up to date, however my tip would be to remove it from your computer entirely. Few websites use Java functionality and it’s not necessary to most users. Install it only if you really must use it.

There’s been a massive attack originating from a botnet of about 90,000 IPs that targets WordPress installations all over the internet, regardless of the host being used. The attack brute forces the admin password of a WordPress installation and installs a backdoor, presumably for a later attack. CloudFlare says it has blocked 60 million requests against this attack. And that’s just one hosting provider, so you can imagine the extent of the attack.

Attack such as this uses infected PCs but once the botnet has a huge number of hacked websites it could do a lot more damage.

It’s difficult to protect a website from brute force attacks such as this, but for starters you can use a more complicated password for your WordPress site.

There’s been an outbreak in malware that once infected a computer uses its resources to mine bitcoin.

Bitcoin is a digital currency based on a P2P network that uses user machines to solve transactions and reward the user with some of the currency. The malware creators can abuse a big number of computers to generate this currency much faster. There’s an obvious monetary incentive.

The virus infects the computer via Skype messages by sending a link and enticing the victim to click it. The messages usually say something like “here’s a picture of you”. Once on the computer it launches the bitcoin mining process which uses the CPU and slows down your machine significantly.

You can read more about this virus on the Kaspersky Lab blog.

Be careful and never click suspicious links!

Besides the usual password complexity requirements AT&T now won’t also accept passwords that contain obscene language (as first noted by @janinda). This seems funny enough while harmless, however, is it?

This raises a question as to why it is necessary when passwords should never be seen by anyone but the user in first place.

Passwords are stored in the database in an encrypted form and they are compared during authentication in this form as well. Technically no one should ever see them.

Perhaps AT&T is afraid that in case of a hacked database a list of obscenities would be revealed.

The win32 Trojan viruses are pretty common so you need to know how to remove them in case your computer gets infected. This virus infects your hard drive, and may cause your computer to run slowly, take a longer amount of time to launch your programs, and the virus can even install unwanted software on your system. This makes it a good idea to remove any software that has installed itself recently onto your computer and to unregister the files from your computer that are harboring the virus.

(Continue reading…)

One of the nastiest computer viruses out there is the Sality virus, which is a virus that allows hackers to remotely access your computer, steal information, download additional viruses into your computer, and cause your computer to perform at a low level. If your computer is infected with this virus, you will notice that it runs slowly, has less available memory, and that you are being flooded with pop-up ads. This virus can also alter your desktop settings and Internet settings. It is important to eradicate this virus as soon as possible after you detect that it has invaded your system. Usually, the sality virus is downloaded via email.

(Continue reading…)

As digital information becomes an increasingly hot commodity among black market operations, email scams are increasing in number and sophistication. Most internet-savvy individuals can spot scams of the Nigerian royal family variety with little trouble. However, scammers that are more adept have moved on to tactics that are less obvious, such as spoofing bank sites or phishing for financial information via official-sounding correspondence. Here are a few tips for avoiding the more elaborate scam emails today.

Your Bank Never Asks for Password or Log In

Some scam emails mimic correspondence from your bank and request that you provide a password or user name in response. Often, these emails reference an issue with your account. The scammer may try to unsettle readers with warnings or information that will cause concern, increasing the likelihood that an account holder will act quickly by sending in the requested information. Once the scammer receives the information, they have access to your bank account.

(Continue reading…)

In Windows, it is a simple matter to learn how to lock (password protect) your computer. A password protected computer cannot be accessed without the password being entered. Having a password will prevent unauthorized viewing of your computer files, computer history, and other personal information. You might also want to create multiple user accounts on one computer, each of them being password protected. For our purposes, we are going to assume that you are running the latest version of Microsoft Windows, which is Windows 7. These instructions will also work for those who are running Windows Vista.

(Continue reading…)