Infosecurity News

  1. Oracle Update Adds Java and Patches 120 Flaws

    Oracle has released its Critical Patch Update (CPU) for October 2013, incorporating, for the first time, Java, which was heretofore patched on a separate cycle every four months. The update is massive, fixing 120 flaws across most of Oracle’s product families.

  2. DDoS Attacks Getting Harder to Detect

    Distributed denial-of-service (DDoS) attacks are getting harder to identify, and they will most likely be found to originate in Indonesia or China, new research has shown.

  3. A Q&A with Charlie Miller, Computer Security Researcher at Twitter

    At the recent Hacker Halted conference in Atlanta, Infosecurity Editor Eleanor Dallaway, spoke to Twitter’s computer security researcher, Charlie Miller, also known for his public hacks on Apple products and his tenure at the NSA. They talked about mobile threats, car hacking and the evolution of the information security industry’s mindset.

  4. Hackers Target Mandiant CEO Via Limo Service

    Hackers are apparently stalking Kevin Mandia, chief executive of the cybersecurity company Mandiant.

  5. Google-backed File-sharing Service Spreads Chinese Malware

    Most people in the West haven’t heard of it, but Xunlei, a file-sharing service that boasts Google as an investor, has hundreds of millions of users in China. And, it was recently found to be distributing a signed malware known as KanKan.

  6. LockLizard Expands Document DRM Market to Android Devices

    LockLizard, a London-based provider of PDF document digital rights management (DRM) controls, is in the final stages of delivering a DRM secured viewer for the Android device marketplace.

  7. CryptoLocker: The Ransomware There's No Coming Back From

    A ransomware threat known as CryptoLocker is making the rounds, scrambling files in the process. And once it’s triggered, there is no way to recover them.

  8. Google Chrome Opens Up Personal Information to Hackers

    Google Chrome has been shown to have a major security flaw: any consumer who has ever typed in personal information while using the Google Chrome browser, be it for e-commerce or to sign up for newsletters, should be aware that this information is saved to their hard drives, unencrypted.

  9. Public WiFi Hotspots Ripe for MITM Attacks

    Ah, the public hotspot: oases of connectivity in airports, coffee shops, bookstores, town centers and at chains that range from Starbucks to Barnes & Noble to McDonalds.

  10. Nordstrom Hit By Card Skimmer Scam

    The retail sector often faces unique security challenges, not the least of which are the point of sale (PoS) terminals and cash registers that offer a convenient repository from which to lift credit and debit card numbers. Hackers can make use of connected PoS terminals to get in virtually, or can compromise physical security to get ahold of the information they want.

  11. Blue-chip Hacking List Scandal Grinds On

    The blue-chip list is a list of around 100 major firms and a few celebrities that employed four disgraced – and imprisoned – private investigators. The 'scandal' is that SOCA sat on the list without ever revealing its content, and possibly without adequately investigating the PI clients concerned.

  12. Google Offer OSS Patch Bounty to Fixers

    More and more software companies – including Google – have started to offer bug bounties to independent security researchers who find and responsibly disclose software flaws. Now Google will offer a bounty to OSS developers who also fix them.

  13. vBulletin Exploit Makes the CMS Rounds

    vBulletin, one of the most popular content management systems (CMS) on the web and the engine behind many a discussion forum, is the target of a new exploit making its way into the wild.

  14. SSL Forward Secrecy Now Included in SSL Pulse Reports

    SSL has long been used to provide security in communications; and Ivan Ristic, director of engineering at Qualys has long been an enthusiast. Last year, with the Trustworthy Internet Movement, he was instrumental in establishing SSL Pulse, "a continuous and global dashboard for monitoring the quality of SSL support across the top one million web sites."

  15. WhatsApp, Avira, and AVG not Hacked, Just Hijacked

    Reports emerged over the last few days that numerous big-name organizations such as WhatsApp, AVG, Alexa and Avira, had been hacked by the pro-Palestine group KDMS. In fact they had not been hacked, merely hijacked in a series of DNS redirection attacks against Network Solutions.

  16. Eight Silk Road-related Arrests Made Worldwide – Four in the UK

    Just hours after the FBI arrested Dread Pirate Roberts, alleged operator of the Silk Road, the UK's new NCA arrested four Brits on related drug charges. Two further arrests were made in the US, and two in Sweden.

  17. NIST, Cyberdefense is Shut Down in the Shutdown

    The National Zoo’s Panda Cam, the World War II memorial, vast swaths of FEMA and food stamps are all casualties of the US government’s ongoing shutdown in the wake of Congress failing to approve funding for government operations. Cybersecurity isn’t escaping the furloughs either, leaving some to postulate that the US is essentially asleep at the switch right now – and eminently vulnerable.

  18. Author of Blackhole Exploit Kit Allegedly Arrested in Russia

    A security researcher tweeted yesterday, "Blackhole exploit kit author 'Paunch' and his partners arrested in Russia." There is no further corroboration, and nothing yet from the Russian authorities; but some circumstantial evidence suggests it may be true.

  19. UK Lauches Its Own FBI: The NCA

    The UK's latest attempt to launch a national police police force as elite and feared as the FBI came into being Monday. Its purpose, says home secretary Theresa May, is "the relentless disruption of organised criminals."

  20. EU's Data Protection One-Stop-Shop Inches Forward

    Current European data protection laws require that multinationals abide by the national data protection law in each country in which they operate. This is burdensome. To ease this burden, the proposed General Data Protection Regulation includes a one-stop-shop principle. But this is proving problematic.

Why not watch?

  1. Securing Your Move to Hybrid Cloud Infrastructure

  2. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

  3. Going Beyond Traditional Attack Surface Management with Cyber Threat Intelligence

  4. The Future of Fraud: Defending Against Advanced Account Attacks

What’s hot on Infosecurity Magazine?