Throughout history, wars and plagues have wiped out entire cities and civilizations, leaving behind nothing but corpses and tears. Strangely enough, the same thing happened yesterday in World of Warcraft when hackers took advantage of an exploit that allowed them to march through various realms, destroying every character they came across, even non-player characters (NPCs).
Kristy Ross, suspected ringleader of a "scareware" scam that tricked over a million consumers into buying software to remove malware detected by fake antivirus scans, has been ordered to pay more than $163 million in damages, the Federal Trade Commission announced. The court also permanently barred Ms. Ross from selling security software of any kind, as well as any software that might interfere with a consumer's computer use or engage in any from of deceptive marketing.
Adobe is no stranger to seeing vulnerabilities in its software being targeted in the wild, but it’s not every day that the company comes across malware masquerading as Adobe software using a valid code signing certificate. Adobe recently received not one, but two such malicious utilities, the company revealed Thursday.
Bug collecting can be quite the lucrative hobby, provided they're of the software variety. Google routinely pays out three-, four-, and sometimes five-figure bounties to bug hunters who find and report vulnerabilities in the company's Chrome browser, but yesterday, it took the unusual step of paying a pair of software gurus $5,000 for reporting an issue in Windows.
Friday saw the release of a critical out-of-band patch for Internet Explorer from Microsoft. The security update (MS12-063) addresses as many as five vulnerabilities, but none more important than the critical zero-day bug (CVE-2012-4969) that was made public by French researchers earlier this week, and one which even prompted Germany’s Federal Office for Information Security (BSI) to issue an advisory requesting German citizens to stay away from IE. The Redmond-based company has also released a security update for Adobe Flash IE 10.
While most of us were relaxing over the Labor Day weekend, the folks at McAfee were finishing up the security firm's second quarter Threat Report (PDF) for 2012. In it, McAfee Labs noted a 1.5 million increase in malware since the previously quarter, as well as a number of new threats like mobile "drive-by downloads" and using Twitter to control mobile botnets. All combined, McAfee detected the largest number of malware in four years.
Though it's been relatively quiet lately, the high profile hacking organization known as Lulz Security (LulzSec) spent much of last summer stirring up trouble on the Internet, often times at the expense of innocent users who happened to be customers of whichever organization the cyber scoundrels were targeting. The FBI hasn't forgotten about all the illegal activity that took place, and related to the infamous Sony breach, federal authorities arrested a second suspected LulzSec member in the U.S.
Windows 8, for those of you who don’t know, relies on something called SmartScreen Application Reputation to identify and warn users of potentially dangerous desktop apps. According to Microsoft, the operating system uses SmartScreen, which was previously restricted to Internet Explorer, to conduct “an application reputation check the first time you launch applications that come from the Internet.” With SmartScreen providing an additional layer of security to Windows 8 users, they will have a lot less to worry about, right? Wrong, according to Canadian security researcher Nadim Kobeissi, who has a serious issue with the way the feature works.
Blizzard Entertainment, the company behind the insanely popular World of Warcraft franchise and, more recently, Diablo III, confirmed that it's Battle.net game service suffered a security breach that compromised certain user data. The full extent of the hack attack is still unknown, but at this stage, Blizzard doesn't believe that any financial data was lifted, including credit card info, billing addresses, or real names.
The lack of confirmation kept us from writing up a definitive post on this last week, however I think it’s now safe to finally report that Safari for Windows is officially dead. Apple released its newest operating system on July 25th, and along with it came Safari version 6, a full point ahead of the most recent Windows release. Since then Apple has removed any reference to Safari for Windows from its website, and is more or less acting like it never happened.