Infosecurity News
Facebook Builds its Own Threat Information Framework
Keeping ahead of web-based threats requires a mechanism to continually search for new types of attacks while understanding existing ones. However, data fragmentation and threat complexity plagues efforts to keep track of all the data related to malware, phishing and other risks – differences in how threats are discussed, categorized or even named vary from platform to platform and vendor to vendor. Facebook is taking steps to solve the issue for itself with the release of ThreatData.
Tax Phishes Spawn on Both Sides of Atlantic
Tax season in both the US and the UK is upon us and it looks like cybercriminals are once more trolling for unwitting victims with thematic phishing emails aimed to those preparing to render unto Caesar.
(ISC)² Teams with University of Phoenix for Cybersecurity Scholarships
With an eye toward tackling the cybersecurity workforce skills shortage, the University of Phoenix and the (ISC)² Foundation are teaming up to offer nine full-tuition scholarships for individuals looking to devote themselves to information security.
Angry Birds Leaks a Host of Info to Marketers
Bad piggies may need to be toppled, but fans of the ubiquitous Angry Birds mobile app should be aware that the popular game collects and shares players’ personal information much more widely than most people realize.
Criminal Underground is a Sophisticated Metropolis, with Stores, Education, and Law & Order
“Shadowy hacker underworld.” “Dark Web.” “Underground cyber-forum.” These are the phrases that get bandied about referring to those dark corners of the internet where cybercriminals publish their malware, espionage campaigns are hatched and hacktivist manifestos are discussed. The verbiage is decidedly DIY. But new research suggests that these cyber black markets are hardly makeshift affairs: rather, they account for a mature and growing multi-billion-dollar economy with a robust infrastructure and social organization.
Analysis of 3 Billion Attacks Demonstrates Security Gap Between Attack and Defense
For the first time, NTT has pooled the resources of its group companies and produced a threat report based on an analysis of 3 billion attacks. What it found is that while attackers move faster than defenders, and there are still many basic processes and procedures that companies are failing to implement.
NHS Care.data PR Fiasco Continues as Google Pulls Out of Secret Deal
First the NHS was forced to delay its care.data project (storage of all patient GP health data in a central data warehouse) for six months; then it was learned that PA Consulting had obtained 27 DVDs of hospital event statistics (HES) and uploaded them to Google cloud (followed by a complaint being raised with the ICO); and now Google has pulled out of search discussions with the NHS because it is 'too toxic'.
Snoopy: A Non-NSA Flying Stingray
Stingray is a US law enforcement spoof cell tower used to track the location of mobile phones. Snoopy is a project conducted by London-based Sensepost Research Labs that does similar and much more with any WIFI-enabled device. Now Snoopy has gone airborne – mounted on a drone it can hover above a target area and trick mobile devices into connecting: a form of flying MITM attack.
Apple Mac Ebay Scam Gang Busted
EC3, the cyber branch of Europol, has dismantled a Polish gang involved in online auction fraud. The gang would offer electronic items such as Apple computers, but deliver anything from a brick to items of fruit and vegetables. The scam involved Ebay and Polish auction sites, and was busted through the cooperation of the Polish National Police, Europol and Ebay.
Turkish Twitter Ban: An Exercise in Futility?
Following a nationwide ban on Twitter last week, thousands of internet denizens have been working successfully to get around the moratorium. Now, Turkey has taken steps to thwart circumvention efforts that will result in IP address filtering – but it could be an exercise in futility.
Time Warner Fielded Fewer than 250 National Security Information Requests in 2013
In the wake of Edward Snowden’s revelations and allegations that top ISPs and tech companies were complicit in the mass surveillance of the American people by the NSA, there has been an avalanche of transparency reports detailing law enforcement requests for user information and what became of them. The latest is Time Warner Cable (TWC), whose first transparency report shows that it processed around 12,000 government requests in 2013.
Middle East Malware Rates Five Times Worldwide Average
At the RSA conference 2014 in San Francisco, Tim Rains, director of Trustworthy Computing at Microsoft, spoke to Infosecurity editor Eleanor Dallaway about the security threat landscape in the Middle East.
Zorenium Bot: Heading to an iPhone Near You?
A new bot with the name Zorenium has landed in the criminal underground, with the ability to target Apple iOS devices like iPhone and iPad. It's not widely known, nor is it widely detectable.
California's DMV Investigates Card Processing Breach
When Brian Krebs learned of a private MasterCard warning being circulated to banks, he challenged the DMV – and only then did it issue a public statement that it was indeed investigating a potential security issue.
ISACA Launches Digital Badges for Credential Verification
ISACA is taking steps against fraudulent security credentialing with the introduction of digital badges for individuals who have completed one of the group’s training processes.
Syrian Electronic Army Hacks Microsoft, and the Country Disappears from the Web
Syrian politics are having big ramifications on the web this week. First up, the Syrian Electronic Army has released what it alleges are hacked invoices from Microsoft that document months of transactions between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU) regarding requests for Microsoft user information.
One of the Web's Top Porn Outlets Serves Up Malware
The Google blacklist and malware warnings are handy and give an air of authority – but sometimes the algorithm gets it wrong. Researchers have discovered that one of the web's top porn providers, beeg.com, which has an Alexa ranking of 332, is currently spreading malware. Although Google had originally blacklisted the site shortly after initial detection, the blacklist warning has since been removed.
Retail Tracking and Privacy Crypto Cracked in Minutes, for Less than a Dollar
Retail analytics have been around for a dog’s age, allowing stores – whether virtual or real – to track customer behavior and offer up related offerings accordingly. It’s a central part of the up-sell and cross-sell process that keeps the sector humming along with repeat business.
Old Vulnerability at the Heart of Escalating PHP Botnet Attacks
Back in October 2013, a public exploit for the PHP server-side framework was disclosed, using a command injection vulnerability found in May 2012 and categorized as CVE-2012-1823. Now, it appears that cybercriminals are still using it, despite the vulnerability being somewhat dated, because a major part of the install base of PHP does not get updated on a regular basis. It’s an easily solvable security hole that’s led to increasing levels of botnet attacks on big swaths of the public internet.
IBM Combats $3.5 Trillion in Fraud Losses with Broad-ranging Initiative
Digital channels such as mobile devices, social networks and cloud platforms offer the perfect connected footprint for bad actors probing for weaknesses and vulnerabilities to carry out everything from tax evasion, money laundering and cyber-attacks to threats from inside the organization. So, looking to take on the scammers and the grifters, IBM has announced a new initiative to use Big Data and analytics to address the $3.5 trillion lost each year to fraud and financial crimes.
