Infosecurity News

  1. NHS Care.data PR Fiasco Continues as Google Pulls Out of Secret Deal

    First the NHS was forced to delay its care.data project (storage of all patient GP health data in a central data warehouse) for six months; then it was learned that PA Consulting had obtained 27 DVDs of hospital event statistics (HES) and uploaded them to Google cloud (followed by a complaint being raised with the ICO); and now Google has pulled out of search discussions with the NHS because it is 'too toxic'.

  2. Snoopy: A Non-NSA Flying Stingray

    Stingray is a US law enforcement spoof cell tower used to track the location of mobile phones. Snoopy is a project conducted by London-based Sensepost Research Labs that does similar and much more with any WIFI-enabled device. Now Snoopy has gone airborne – mounted on a drone it can hover above a target area and trick mobile devices into connecting: a form of flying MITM attack.

  3. Apple Mac Ebay Scam Gang Busted

    EC3, the cyber branch of Europol, has dismantled a Polish gang involved in online auction fraud. The gang would offer electronic items such as Apple computers, but deliver anything from a brick to items of fruit and vegetables. The scam involved Ebay and Polish auction sites, and was busted through the cooperation of the Polish National Police, Europol and Ebay.

  4. Turkish Twitter Ban: An Exercise in Futility?

    Following a nationwide ban on Twitter last week, thousands of internet denizens have been working successfully to get around the moratorium. Now, Turkey has taken steps to thwart circumvention efforts that will result in IP address filtering – but it could be an exercise in futility.

  5. Time Warner Fielded Fewer than 250 National Security Information Requests in 2013

    In the wake of Edward Snowden’s revelations and allegations that top ISPs and tech companies were complicit in the mass surveillance of the American people by the NSA, there has been an avalanche of transparency reports detailing law enforcement requests for user information and what became of them. The latest is Time Warner Cable (TWC), whose first transparency report shows that it processed around 12,000 government requests in 2013.

  6. Middle East Malware Rates Five Times Worldwide Average

    At the RSA conference 2014 in San Francisco, Tim Rains, director of Trustworthy Computing at Microsoft, spoke to Infosecurity editor Eleanor Dallaway about the security threat landscape in the Middle East.

  7. Zorenium Bot: Heading to an iPhone Near You?

    A new bot with the name Zorenium has landed in the criminal underground, with the ability to target Apple iOS devices like iPhone and iPad. It's not widely known, nor is it widely detectable.

  8. California's DMV Investigates Card Processing Breach

    When Brian Krebs learned of a private MasterCard warning being circulated to banks, he challenged the DMV – and only then did it issue a public statement that it was indeed investigating a potential security issue.

  9. ISACA Launches Digital Badges for Credential Verification

    ISACA is taking steps against fraudulent security credentialing with the introduction of digital badges for individuals who have completed one of the group’s training processes.

  10. Syrian Electronic Army Hacks Microsoft, and the Country Disappears from the Web

    Syrian politics are having big ramifications on the web this week. First up, the Syrian Electronic Army has released what it alleges are hacked invoices from Microsoft that document months of transactions between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU) regarding requests for Microsoft user information.

  11. One of the Web's Top Porn Outlets Serves Up Malware

    The Google blacklist and malware warnings are handy and give an air of authority – but sometimes the algorithm gets it wrong. Researchers have discovered that one of the web's top porn providers, beeg.com, which has an Alexa ranking of 332, is currently spreading malware. Although Google had originally blacklisted the site shortly after initial detection, the blacklist warning has since been removed.

  12. Retail Tracking and Privacy Crypto Cracked in Minutes, for Less than a Dollar

    Retail analytics have been around for a dog’s age, allowing stores – whether virtual or real – to track customer behavior and offer up related offerings accordingly. It’s a central part of the up-sell and cross-sell process that keeps the sector humming along with repeat business.

  13. Old Vulnerability at the Heart of Escalating PHP Botnet Attacks

    Back in October 2013, a public exploit for the PHP server-side framework was disclosed, using a command injection vulnerability found in May 2012 and categorized as CVE-2012-1823. Now, it appears that cybercriminals are still using it, despite the vulnerability being somewhat dated, because a major part of the install base of PHP does not get updated on a regular basis. It’s an easily solvable security hole that’s led to increasing levels of botnet attacks on big swaths of the public internet.

  14. IBM Combats $3.5 Trillion in Fraud Losses with Broad-ranging Initiative

    Digital channels such as mobile devices, social networks and cloud platforms offer the perfect connected footprint for bad actors probing for weaknesses and vulnerabilities to carry out everything from tax evasion, money laundering and cyber-attacks to threats from inside the organization. So, looking to take on the scammers and the grifters, IBM has announced a new initiative to use Big Data and analytics to address the $3.5 trillion lost each year to fraud and financial crimes.

  15. EA Games Targeted by Phishers Looking for Apple IDs

    EA Games, maker of popular gaming series including Sims, Plants vs. Zombies, Star Wars Battlefront and others, has been attacked by hackers bent on compromising more than a virtual rebel base. A server for its website has come under fire and is now hosting a phishing site that targets Apple ID account holders.

  16. Full Disclosure Mailing List Shuts Down

    John Cartwright, the operator of Full Disclosure, announced yesterday that he has shut down the mailing list. His own post, 'Administrivia: The End', is the final entry. It was always a controversial service, frequently publishing vulnerability details before vendors had patches available, but the manner of its passing has surprised many.

  17. Sally Beauty Supply Endures the Latest Retail Data Breach

    Security isn’t a cosmetic concern, as we’re seeing from the latest retail data breach report. Following the disclosure of an unauthorized attempted intrusion into its network on March 5, Sally Beauty Supply has reported that it has indeed suffered a data breach as well.

  18. NSA Collects the Whole Voice Conversation of an Entire Nation

    It could, in fact, be at least five nations, with a sixth scheduled for inclusion soon. These revelations were published yesterday in a report based on Snowden leaks just after Edward Snowden himself warned the TED2014 Conference audience in Vancouver that there are more – and worse – revelations to come.

  19. 19-Year Old Saves City of London From Certain Cyber Disaster – Takes Home Masterclass Title

    Once again, the UK's most promising amateur cyber defenders competed to defend the City of London from a simulated cyber-attack, as part of the Cyber Security Challenge Masterclass. A 19-year-old student was crowned the UK Cyber Security Champion after beating all comers over the course of a year-long competition that tested computer defense skills.

  20. Edward Snowden: The Internet Is Not Our Enemy, and Encryption Can Protect It

    Edward Snowden was a surprise speaker at TED2014 in Vancouver. Beamed in via a telepresence robot from his exile in Russia, he spoke to TED presenter Chris Anderson, and was joined by 'father of the web' Sir Tim Berners-Lee. Snowden said there is more to come, and that encryption remains the internet's best defense.

Why not watch?

  1. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

  2. Securing Your Move to Hybrid Cloud Infrastructure

  3. New Cyber Regulations: What it Means for UK and EU Businesses

  4. Going Beyond Traditional Attack Surface Management with Cyber Threat Intelligence

What’s hot on Infosecurity Magazine?