The state of the cloud and the Software-Defined Data Center

We’ve long been moving toward cloud-based and virtualized infrastructures, but in some ways 2016 might just be the year in which the Software-Defined Data Center (SDDC) really becomes a fixture in corporate America, according to HyTrust. There’s belief that optimal SDDC strategies and deployment can drive up virtualization ratios and server optimization. All this because even though data breaches will surely happen, concerns over security and compliance will be far less an obstacle. SDDC: Positive … More

Opera Software founder launches Vivaldi, a new browser

After more than one year in public development and millions of downloads, Vivaldi today released the first major release of its desktop browser: Vivaldi 1.0. The UI uses React and JavaScript, as well as Node.js. The core of the browser uses Chromium, ensuring pages render quickly and accurately. “We share the same core code as Chrome (Chromium) but we are very different with handling the privacy of our users. First of all, our business model … More

Tor Project exploring ways to keep its software and users safe

In view of the recent legal battle between the FBI and Apple regarding phone encryption, and this article revealing that there have been many instances where the US Department of Justice demanded source code and private encryption keys from tech companies, the Tor Project decided to voice their support for Apple, and to outline their current protections against their software being backdoored, as well as their active work on adding new ones. “For all of … More

OS X ransomware found bundled with legitimate software

Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. The malware, dubbed KeRanger, has been found on Friday (March 4), bundled into the Mac version of the popular open source Transmission BitTorrent client, and made available for download on the Transmission developers’ official website. The website now sports an alert on the main page, saying that everyone running version 2.90 of Transmission on OS X should immediately upgrade to and … More

Weak default credentials, command injection bug found in building operation software

A vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software can be exploited by a low-skilled, remote attacker to gain access to the servers and make changes that could affect a building’s security. What’s more, the software was also shipped with weak default user credentials that administrators weren’t required to change when setting up the system. StruxureWare Building Operation software provides integrated monitoring, control and management of energy, HVAC, lighting and fire safety. … More

Critical Glibc flaw opens Linux distros, other software and devices to compromise

A critical bug has been found to open an unimaginable number of computers, networking and other connected devices to attacks that can result in complete system compromise. Discovered independently by Google and Red Hat researchers, the bug resides in the GNU C Library (aka “glibc”), the open-source implementation of the C and C++ programming language libraries. Glibc is incorporated in practically every major Linux distribution, many embedded systems, devices like routers, many small-device projects, and … More

Authorized Symantec reseller scams users into buying security software

Malwarebytes researchers have discovered a new tech support scam that, unlike most, is being perpetrated by an active member of the Symantec Partner Program. Users are being tricked into visiting a web page sporting a fake warning imitating those shown by Symantec’s Norton AV, and urged to contact tech support via a “support toll free helpline”: Calling the offered phone number will get the victims in touch with a “support technician” that first instructs them … More

GPS faker software broadcasts spam across thousands of fake profiles

Different from traditional email spam, social spam can reach a large audience by nature of the platform and can appear trustworthy since it is coming from people in your social network. This kind of spam also has a long lifespan since social media content stays online 24/7 and is rarely removed, if ever.More than a mere annoyance factor, such attacks degrade brand name reputation and platform integrity, hindering user growth and even driving away existing … More

Two arrested for helping malware developers evade AV software

Two suspects have been arrested on suspicion of operating a website offering services to help criminals overcome and avoid anti malware software, following a joint investigation led by the National Crime Agency and Trend Micro. The suspect’s website – reFUD.me – provided a number of functions, both free and for charge, which allowed malware developers to scan their illegal files. They would then learn whether or not they could successfully infect victims’ computers by circumventing … More

Buhtrap gang distributes malware through Ammyy’s remote desktop software

ESET has uncovered several examples of malware being distributed via a strategic web compromise. Recently, visitors to ammyy.com were offered a bundle containing not only the company’s legitimate Remote Desktop Software, Ammyy Admin, but also malware. Researchers noticed in late October that, for about a week, visitors to ammyy.com were downloading an installer that contained malware along with the Ammyy product. While Ammyy Admin is legitimate software, it has a long history of being used … More