Infosecurity News

  1. Undetected for Years, Operation Windigo Affects Millions of Servers

    A vast spam and malware campaign has been uncovered that has seized control of more than 25,000 UNIX servers worldwide, daily affecting half a million computers. The backdoor trojan is responsible for sending more than 35 million spam emails every day.

  2. Trustwave Acquires Cenzic to Add Dynamic Testing

    Trustwave announced Tuesday that it has acquired Cenzic for an undisclosed sum, thus combining Trustwave's static application security testing capabilities and Cenzic's dynamic application security testing into a single platform.

  3. Commercial RAT Used by Malicious Hackers

    Win-Spy is a commercial off-the-shelf (COTS) stealth monitoring tool. "Start Spying on any PC or Phone within the Next 5 minutes," says its website. With such products generally available, why should hackers go to the trouble of developing their own RATs? Indeed, according to a FireEye analysis following an attempted intrusion on a US financial institution, they don't.

  4. Join the Grand Theft Auto 5 PC Beta Program Scam

    Everybody likes to be first. Publications like to be the first to publish news, politicians like to be the first with good news, and gamers like to be the first to experience a new game. That's what makes gamers such obvious targets for scams, spam and phishing campaigns based on new versions of popular games.

  5. Hollywood Likely to be Targeted by Chinese Hackers

    Hollywood appears to be emerging as a prime target not just for video pirates, but for Chinese hackers. This is the conclusion of security researchers who have examined the probable attitude of China toward the cultural impact of Hollywood.

  6. Security in Apple's iOS 7 Weaker, Not Stronger, than iOS 6

    Aware of weaknesses in the early_random() pseudo random number generator used in iOS 6, Apple switched to an entirely new generator in iOS 7. In doing so, however, it weakened rather than strengthened the random number generation that lies at the heart of many of the attack mitigations that supposedly make iOS a secure operating system.

  7. LightsOut is Latest Cyber Threat to Target Energy Sector

    What happens when the energy grid goes down? Well, the lights, of course, go out. A fresh advanced persistent threat (APT) targeting the energy sector is thus aptly named LightsOut, and like previous attacks, it used a watering hole method to start its system compromise.

  8. Backdoor Found in Samsung Galaxy

    A developer working on Replicant, an open-source free mobile operating system designed to replace all proprietary Android components with open-source alternatives, has discovered a backdoor in Samsung Galaxy that provides almost full access to user files, camera, microphone and location.

  9. Nokia Tackles Carrier Roles in Mobile Security with Berlin-based Cybersecurity Center

    With the infiltration of handheld devices into virtually every aspect of our consumer and enterprise lives, mobile networks should be considered critical infrastructure with high impact on public welfare and safety; and cyber-security should be addressed accordingly. That’s the premise behind Nokia Solutions and Networks’ plans to establish a Mobile Broadband Security Center in Berlin.

  10. Target May Have Ignored Pre-breach Intrusion Warning

    The largest retail breach in history happened at Target stores all over the country during the busy 2013 holiday shopping season, sparking 90+ lawsuits, a Congressional hearing, corporate restructuring and plummeting sales figures for the big-box retailer. But according to a report, it all could have been prevented – had the retail giant simply listened to its own internal early warning systems.

  11. ICS Flaws Discovered that Could Affect Thousands of Plant-monitoring Systems

    Industrial control systems (ICS) are a notorious weak link when it comes to securing mission-critical infrastructure, but progress in overhauling cyber-practices for this legacy software seems to be moving along at a snail’s pace. Case in point: yet another system, deployed in thousands of locations globally and often exposed to the internet, has been found to be eminently vulnerable.

  12. Government ID Theft Ringleader Gets 12 Years in Prison

    The leader of an identity theft ring that stole more than 600 identities from US government employees and others has been sentenced to serve 12 years in prison, followed by three years of supervised release.

  13. The NSA's Botnet of Botnets: an Active SIGINT System

    The latest revelations from the Snowden files, published by Glenn Greenwald's new venture The Intercept, show that NSA thinking has followed the same arguments developed by cybercriminals: if you wish to control a large number of subjects (infected computers) you need to automate the process with a command and control server. This is a botnet.

  14. Warning: DDoS Attack Volume Balloons 807.48% in Fresh Spike

    While network time protocol (NTP) amplification attacks have been a threat for many years, a new DDoS surge is ringing alarm bells: in just one month, February 2014, the number of NTP amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%.

  15. Worm that Wreaked Havoc for US Military Likely a Progenitor of Red October

    More than a year ago, Kaspersky Labs analyzed dozens of modules used by Red October, an extremely sophisticated cyber-espionage operation that has been at work in dozens of high-profile targets. New analysis shows that one of its genetic progenitors is likely Agent.btz, a long-running, data-collecting worm believed to have been developed by Russian special services.

  16. secunet Previews New SINA Workstation and Tablet PC

    Essen, Germany-based secunet Security Networks, which specializes in protecting classified/sensitive information, gives a sneak peek at soon-to-be-available updates to the firm’s product line.

  17. False Passports on Flight MH370 Highlights Failure to Use Interpol's Resources

    The tragic and mysterious loss of Malaysia Airlines Flight MH370 has spawned numerous dark theories, most centered around the discovery that two passengers were using stolen passports.

  18. Online Pentesting Goes Into Open Beta

    Penetration testing is a valuable part of any security audit. It applies a hacker mindframe to finding the vulnerabilities that hackers seek to exploit before they get to exploit them. But it suffers from two weaknesses: cost and timeframe. A third-party pentest can be expensive, and only audits security at the time of the test – new software tomorrow could introduce new vulnerabilities.

  19. LockLizard Develops Zero Footprint Solution for PDF Security

    LockLizard, a leading provider of document digital rights management (DRM) systems, will be addressing the holy grail of document security with the launch of a new web-based DRM solution for viewing protected PDF files.

  20. City of London Plans Police Access to 1300 ANPR Cameras

    London operates a congestion charge to reduce traffic in central London. The congestion charge is enforced by 1300 automatic number plate recognition (ANPR) cameras operated by Traffic for London. Now the City of London is considering making feeds from these cameras available to the Metropolitan Police.
