Malware

The creators and maintainers of exploit kits often rely on public reports of new exploits and proof-of-concept exploit code in order to be able to add new exploits to their software. And in many cases, the exploits included in kits such as Black Hole and Eleonore and others will be for vulnerabilities that are older and have long since been patched. But, if recent events are any indication, that could be changing.

USAA is warning its members about a sophisticated phishing scam that attempts to install a malicious banking Trojan on members computers.

Investigations by the BBC suggest a widening probe into alleged computer hacking by UK newspapers. In all, the computer hacking may have been as widespread as now-notorious voicemail hacking conducted by reporters at Rupert Murdoch’s News of the World, and may have compromised classified British intelligence from government officials, the reports say.

Peddlers of ransomware are increasing their effectiveness by tailoring region-specific versions of a scam that impersonates local police.

A new version of the REMnux specialized Linux distribution has been released, and it now includes a group of new tools for reverse-engineering malware. The new additions include a tool for memory forensics as well as one for analyzing potentially malicious PDFs.

Adobe on Tuesday released a patch for a vulnerability affecting versions of its ColdFusion Web application development platform. A company spokeswoman said the company still hasn’t set a date for an emergency patch for a critical and previously unknown hole in both the Adobe Reader and Adobe Acrobat applications, after promising to issue a fix this week. 

In the wake of the hack of water and sewer infrastructure operated by a Texas community, the Department of Homeland Security is again warning owners and operators of critical infrastructure to take note of SCADA and industrial control systems that may be accessible from the Internet.