Infosecurity News

  1. Tinder App Allowed Users to Precisely Locate Others

    Tinder is a very popular mobile dating app. It is designed to allow people to 'meet' virtually before deciding whether they would like to meet for real. Unfortunately, Tinder has a history of allowing one user to physically locate another, even if the approach has been rejected.

  2. 96% of Applications Have an Average of 14 Vulnerabilities

    The latest Cenzic report on application vulnerability trends shows that things aren't getting any better. All software has bugs, and almost all of them have bugs that are security vulnerabilities. In fact, on average, they have 14 separate vulnerabilities – a quarter of which are cross-site scripting flaws.

  3. Microsoft Pays Another $100K Bug Bounty

    Microsoft has paid out its second $100,000 bug bounty since launching its reward program in mid-2013. The award brings total payouts for the program to $253,000 in under a year.

  4. Zeus Trojan Now Hiding in Plain Sight – Using Pictures

    A new variant of the notorious Zeus banking trojan is making the rounds, with a new approach that uses steganography, a technique that allows it to disguise data inside of an existing file without damaging it.

  5. Scariest Search Engine on the Internet Just Got Scarier

    CNN Money described Shodan as "The scariest search engine on the Internet." Forbes called it a "terrifying search engine." Unlike Google, Shodan searches for internet-connected devices (which could have known vulnerabilities) rather than information. For those who believe this is scary, it just got scarier with the launch of Shodan Maps.

  6. 70% of Android Devices Vulnerable to a Remote Exploit

    Rapid7's Metasploit researchers have developed a new exploit for an old vulnerability that remains pervasive in the Android ecosystem some 9 months after it was patched by Google. With this new code, 70% of all Android users are vulnerable to a little social engineering and a remote takeover.

  7. Hundreds of Millions of Passwords are Compromised Yearly

    An analysis of compromised credentials posted to Pastebin suggests that hundreds of millions of passwords are being compromised by cybercriminals every year.

  8. Researcher Develops New Geographical Passwords

    Passwords do not keep our personal data safe. That much is empirically clear – the sheer volume of passwords that are stolen and the ease with which they are cracked demonstrate this on a weekly basis. But it is not the theory of passwords that fails; it is the human inability to use them wisely that is the weakness.

  9. Australia Offered Economic Espionage Results to the NSA

    Details from a newly disclosed document from the cache of Edward Snowden leaks demonstrate that the Australian spy agency (one of the Five Eyes) was monitoring a US law firm advising the Indonesian government on a trade dispute with the US in 2013, in a clear breach of attorney/client confidentiality – and offered that information to the NSA.

  10. Merkel and Hollande Propose a European Internet

    News outlets, such as the BBC, are reporting that Germany's Chancellor Angela Merkel "is proposing building up a European communications network to help improve data protection" and prevent European emails and other data passing through the United States where it can be, and has been, harvested by the NSA.

  11. The Syrian Electronic Army Hacked Forbes and Dumped 1 Million Credentials

    In a brief statement, Forbes said it had been compromised; that email addresses had been exposed (so beware of phishing attempts); and that passwords had been stolen ('encrypted', but change them anyway); and that law enforcement had been informed. It doesn't name the attackers, but there is more to this news.

  12. New IE 0-Day Used in Watering Hole Attack

    A new Internet Explorer 0-day exploit, apparently used by an old hacking group, was found to have been served by the compromised Veterans of Foreign Wars website. Similarities in the attack suggest that the same group as that involved in operations DeputyDog and Ephemeral Hydra was behind the attack. That group is thought to emanate from China.

  13. Happy Valentine's Day: Scam Artists Turn to Online Dating

    Scam artists have for centuries preyed upon the tender affections of the lovelorn, stripping assets and leaving broken hearts in their wake. From the 18th Century classic "Les Liaisons Dangereuses" to the modern-day film "An Education" and Kanye’s “Gold Digger” anthem, popular culture has always shown us that the path to scam success often lies in matters of the heart.

  14. Trojanized Flappy Bird Wings Its Way to Android

    Flappy Bird may have had its wings clipped, but something else has risen, phoenix-like, in its place: a fake, weaponized version of the addictive iPhone and Android game.

  15. Investigation into the Tesco 'Hack'

    More than 2000 Tesco user credentials complete with the monetary value of earned vouchers were anonymously posted on Pastebin on Wednesday (still there at the time of writing this). The question is, how were they acquired: from reused passwords obtained from other breaches; or directly from Tesco?

  16. Anti-theft Software Could Be Attackers' Conduit to Millions of PCs

    A useful cyber-defensive utility can be turned into a powerful tool for cyber-attackers in the form of full access to millions of users' computers, according to research from Kaspersky Lab regarding an element of Absolute Software’s anti-theft software.

  17. UK Lags Behind US in Security Preparedness and Attitudes

    Just 17 per cent of UK business leaders see cyber security as a major priority, compared to 41 per cent in the US, according to new research from BT. This comes from a survey of 500 IT decision makers in medium to large organizations across seven countries undertaken by Vanson Bourne for BT in October 2013.

  18. Dropbox Transparency Report Includes Secret FISA Court Requests

    Online file-sharing service Dropbox, like other cloud-based tech providers, has been allowed to disclose national security requests for user information for the first time. In its latest transparency report, it said that it fielded 249 or fewer national security requests from the US government in 2013. These include National Security Letters and orders issued under the Foreign Intelligence Surveillance Act (FISA orders).

  19. Sophos Acquires Cyberoam to Boost Layered Defense Portfolio

    Anti-virus company Sophos has announced that it has acquired Cyberoam, a fellow player in the network security market that specializes in unified threat management (UTM) and security information and event management (SIEM).

  20. PCI DSS Compliance is Improving, But Not Yet Good Enough

    Verizon has published its third report into the state of PCI DSS conformance drawn from an analysis of compliance assessments for more than 500 companies around the world. The result shows that compliance is improving, but that the majority of companies that accept payment cards still fail to maintain PCI security standards.
