Infosecurity News

  1. Shylock Malware Surges to Target Vast Swath of Banking Sector

    A resurgence of the Shylock/Capshaw banking threat has hit banks across the EU again, as well as several top US banks. In all, Capshaw is this time being found to affect at least 24 financial institutions.

  2. NCC Group CEO Completes 600km Mountain Cycle for Charity

    Eight leading North West businessmen, including Rob Cotton, CEO of NCC Group, celebrated an epic success this week, raising over £210,000 to date for The Christie NHS Trust while beating the hardest stages of the Tour de France route in the process.

  3. FireEye Goes Public; Trading on NASDAQ Expected Today

    Market confidence in Silicon Valley is rising again. While Twitter has announced plans for an IPO, FireEye has proceeded with its own, selling more shares at a higher price than at first intended.

  4. RSA Says Don't Use NIST Crypto Algorithm

    Last week NIST recommended that its elliptic curve specification 'no longer be used.' Now, in an email advisory sent to customers, RSA strongly recommends that developers discontinue use of Dual EC DRBG and move to a different PRNG.

  5. Apple iOS 7: A Security Overview

    Apple's new iOS 7, pre-loaded on the new iPhone 5s and 5c, is also available for download to older devices. It is said to include more than 200 new features – here we look at some of the security aspects and issues.

  6. 30% of Tor Web Browser Transactions Found to Be Fraudulent

    Tor is known as a privacy browser, favored by political dissidents, journalists and others looking to be online anonymously. But a new report shows that almost a third of its traffic is fraudulent as well, pointing to its potential status as a criminals’ haven.

  7. China's Hidden Hacking-for-Hire Crew Behind Large-scale Cyber-espionage

    A highly sophisticated “hacker for hire” group operating out of China has surfaced. Not quite a crouching tiger or a hidden dragon, but somewhere in between, the “Hidden Lynx” hacking group is a team of professionals with a strong capacity and proven ability to adapt to current security practices – and it's behind several large-scale APTs.

  8. Digital Advertising Alliance Leaves the Do Not Track Working Group

    The W3C working party tasked with defining the mechanisms that will underpin Do Not Track processes is now in serious danger of collapse following the third major defection in as many months.

  9. Surveillance Court: NSA’s Data Collection Does Not Violate Fourth Amendment

    The Foreign Intelligence Surveillance Court yesterday published an opinion, written on August 29 by Judge Claire Eagen, explaining the legal reasoning behind its order authorizing the NSA to collect data on all US telephone calls.

  10. The Stealthy Hardware Trojan that Can Affect Intel Ivy Bridge Processors

    A team from universities in the US, Netherlands, Switzerland and Germany have published research demonstrating that subtle changes below the gate level of chips can alter functionality in a controlled but covert manner.

  11. Mobile Pwn2Own to Pay $300K for iPhone and Android Zero-day Exploits

    Itching to jailbreak Apple's iOS 7? Ready to root a Samsung KNOX phone? Frothing at the mouth to show vulnerabilities in the iPhone 5S fingerprint reader? And get paid for it? Well if so, you’re in luck: HP’s Zero Day Initiative (ZDI) has announced the second annual Mobile Pwn2Own competition, to be held on November 13–14 of this year.

  12. Solving the TPM Uptake Challenge

    Trusted platform modules (TPM) have been around for more than 10 years, but adoption of them by users has been slow going. Led by Infosecurity magazine’s Drew Amorosi, a panel of industry experts came together at the Trusted Computing Conference in Orlando last week to discuss TPM adoption and the outlook for better uptake moving forward.

  13. OSINT: You Don't Need to Work for the NSA or GCHQ to Spy on People

    While the world has been hearing about the surveillance techniques of the spy agencies in the US and UK, the capabilities available to anyone through Open Source Intelligence (OSINT) products have been quietly expanding.

  14. Symantec to Revoke SSL Certificates Starting Oct. 1

    The deadline for abandoning SSL certificates with less than 2048-bit keys is approaching, and as of Dec. 31 of this year will be revoked. At least one vendor is setting an earlier deadline: for Symantec, it’s Oct. 1.

  15. Belgacom Hacked; NSA Involvement Suspected

    Coinciding with a report in De Standaard, Belgian telecoms firm Belgacom issued a statement yesterday saying it had successfully cleansed its internal network of "an unknown virus in a number of units in our internal IT-system."

  16. (ISC)² Dishes Out Latest Scholarships to Combat IT Security Workforce Lag

    The (ISC)² Foundation has announced the recipients of its 2013 information security scholarships.

  17. Medical ID Fraud Costs Consumers $12bn in Out-of-Pocket Costs

    With all of the debate in the US about Medicare and health insurance changes, it’s easy to overlook one big national healthcare issue that has life-threatening and hefty financial consequences: medical identity theft.

  18. Cyber-Gang Attempts Santander Bank Heist with $20 Device

    The term “bank heist” may conjure up an Ocean's 11-style strike involving laser alarms and perhaps even a contortionist or two, but the everyday reality is much more mundane. Take, for instance, the alleged plot by 12 men to steal millions from a branch of European bank Santander remotely, using a cheap and readily available keyboard video mouse device.

  19. NSA Shown to Operate a MITM Hack in Brazil

    In case any doubts remain, new Snowden revelations first published in Brazil, show that the NSA engages in economic espionage, uses mainstream hacking techniques, and spies on diplomats and the banking system.

  20. NCC Group CEO Launches £1m Charity Campaign

    Rob Cotton, the CEO of global information assurance firm NCC Group, has launched an ambitious new campaign to raise £1million for The Christie charity.

Why not watch?

  1. Supply Chain Risk and Mitigation in Operational Technology

  2. How to Secure Industrial IP with Data Loss Protection Strategies

  3. Unpacking the Top Vulnerabilities Exploited by Sophisticated Attackers

  4. Going Beyond Traditional Attack Surface Management with Cyber Threat Intelligence

What’s hot on Infosecurity Magazine?