Infosecurity News

  1. BadBIOS – the God of Malware?

    Over the past few weeks, Dragos Ruiu has provided details of a mystery infection that first attacked his computers some three years ago. He can't find it, he can't get rid of it, it survives reboots and clean installs, and seems to spread via wireless audio waves. It's either the God of Malware, an elaborate hoax, a publicity stunt – or Dragos Ruiu has gone mad.

  2. Fidelity Investments Cyber-heist Suspects Arrested in California

    Masterminds behind a large-scale cyber-heist at Fidelity Investments in California have been arrested.

  3. Google Patches 12 Flaws, Pays $11K Bug Bounty in Chrome Update

    Google has patched 12 security vulnerabilities in the latest version of its browser, Chrome 31, paying out almost $11,000 in bug bounties in the process.

  4. WikiLeaks Publishes IP Chapter of Secret Trade Agreement

    WikiLeaks published Wednesday the full draft text of the intellectual property rights chapter for the secretly negotiated Trans-Pacific Partnership (TPP). TPP is a trade agreement primarily involving Pacific Rim countries (although currently excluding Russia and China), and it accounts for around 40% of global GDP.

  5. Irish Data Center Breach Hits 1.5 Million European Consumers

    A breach of a data center in Ireland has compromised the information of 1.5 million people.

  6. MacRumors Breached; 860k Passwords Potentially Compromised

    MacRumors was targeted and hacked in a manner similar to the Ubuntu Forums hack in July, announced its founder and editor Tuesday. "It's best to assume that your MacRumors Forum username, email address and (hashed) password is now known," he warned.

  7. How Snowden Breached the NSA from the Inside

    There have been many suggestions on how Edward Snowden managed to steal so many top secret documents from the NSA; but the NSA has kept quiet. Now new research claims to know how it was done, and challenges the NSA to deny it.

  8. Trustwave Acquires Application Security Inc

    Trustwave, a Chicago-based firm with a wide range of security offerings and a particular specialism in data protection, has bought privately held New York-based Application Security Inc, a specialist in database security. The acquisition is complete, and terms have not been disclosed.

  9. Waking Shark II – Stress Testing the City of London

    Today is Waking Shark II day – the day the City of London's cyber resilience is tested in a day long exercise. Details are scarce (it wouldn't be a test if they were known) but the war game is expected to concentrate on the ability of banks to maintain operations in the face of a sustained cyber attack.

  10. APTs and the Moriarty of Cybercrime

    Researchers have analyzed 11 apparently distinct APT campaigns, and have come to the conclusion that they are not as distinct as previously thought – in short, there's a malware quartermaster, a Moriarty of cybercrime, serving multiple threat actors.

  11. PCI DSS Version 3.0 Goes Beyond Compliance

    The PCI Security Standards Council (PCI SSC) has published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) for debit and credit card security, geared to move organizations from mere compliance to more comprehensive security approaches built on shared responsibility.

  12. How GCHQ hacked Belgacom

    In September Der Spiegel published details from Snowden leaks indicating that GCHQ had been behind the hacking of Belgian telcommunications company Belgacom, in an operation codenamed Op Socialist. On Friday it published further details indicating how the breach had been effected.

  13. Stuxnet Also Infected Russian Nuclear Facility

    Stuxnet is widely taken to be the harbinger of modern cyberwarfare. It was developed by the US and Israel to target the Iranian nuclear program – but now it appears that it also infected a Russian plant.

  14. British Spy Agencies, Al Gore and Berners-Lee all Talking About Snowden

    In an unprecedented move, the reclusive heads of Britain's MI5, MI6 and GCHQ spy agencies appear in public before a parliamentary committee, while Al Gore gives a speech in Montreal and Sir Tim Berners-Lee is interviewed by the Guardian – and all are talking about Snowden's revelations.

  15. Adobe Breach is Far, Far Worse than Originally Thought

    After Brian Krebs gave Adobe a strong hint that it had been breached, the company announced that just short of three million accounts may have been compromised. It later upped this to 38 million – but it now appears that the true figure is around 150 million.

  16. Lack of IT Automation Drives Frequent Firewall Outages

    For UK and US businesses, increased complexity stemming from trends like cloud computing and virtualization is driving a need for more automation within the IT network; but reality is lagging the requirement.

  17. Automatic IFS Encryption for IBM i with New Release from Linoma Software

    Linoma Software’s Crypto Complete data encryption solution is breaking ground on IBM i by providing automatic encryption of files stored on the operating system’s integrated file system (IFS).

  18. Computer Animation Snares 1000 Sex Predators

    Terre des Hommes is a network of ten international organizations that work for the rights of children. TDH Netherlands, Monday, published a dossier on, and a call to action to stop, the web cam sexual exploitation of children.

  19. CryptoLocker Most Current Prolific Malware

    CryptoLocker is a new breed of ransomware that encrypts victims' data with public key encryption, and demands payment for the decryption key – the only way that infected victims can regain access to their data.

  20. Privacy International Calls on OECD to Investigate Telecoms Relationships with GCHQ

    Following its involvement in taking the UK to the European Court over GCHQ's mass surveillance program, Privacy International has now raised formal complaints with the OECD against the telecoms companies that have co-operated with GCHQ.

Why not watch?

  1. New Cyber Regulations: What it Means for UK and EU Businesses

  2. Learn Key Strategies for Industrial Data Security

  3. The Future of Fraud: Defending Against Advanced Account Attacks

  4. Going Beyond Traditional Attack Surface Management with Cyber Threat Intelligence

What’s hot on Infosecurity Magazine?