Infosecurity News

  1. EA Games Targeted by Phishers Looking for Apple IDs

    EA Games, maker of popular gaming series including Sims, Plants vs. Zombies, Star Wars Battlefront and others, has been attacked by hackers bent on compromising more than a virtual rebel base. A server for its website has come under fire and is now hosting a phishing site that targets Apple ID account holders.

  2. Full Disclosure Mailing List Shuts Down

    John Cartwright, the operator of Full Disclosure, announced yesterday that he has shut down the mailing list. His own post, 'Administrivia: The End', is the final entry. It was always a controversial service, frequently publishing vulnerability details before vendors had patches available, but the manner of its passing has surprised many.

  3. Sally Beauty Supply Endures the Latest Retail Data Breach

    Security isn’t a cosmetic concern, as we’re seeing from the latest retail data breach report. Following the disclosure of an unauthorized attempted intrusion into its network on March 5, Sally Beauty Supply has reported that it has indeed suffered a data breach as well.

  4. NSA Collects the Whole Voice Conversation of an Entire Nation

    It could, in fact, be at least five nations, with a sixth scheduled for inclusion soon. These revelations were published yesterday in a report based on Snowden leaks just after Edward Snowden himself warned the TED2014 Conference audience in Vancouver that there are more – and worse – revelations to come.

  5. 19-Year Old Saves City of London From Certain Cyber Disaster – Takes Home Masterclass Title

    Once again, the UK's most promising amateur cyber defenders competed to defend the City of London from a simulated cyber-attack, as part of the Cyber Security Challenge Masterclass. A 19-year-old student was crowned the UK Cyber Security Champion after beating all comers over the course of a year-long competition that tested computer defense skills.

  6. Edward Snowden: The Internet Is Not Our Enemy, and Encryption Can Protect It

    Edward Snowden was a surprise speaker at TED2014 in Vancouver. Beamed in via a telepresence robot from his exile in Russia, he spoke to TED presenter Chris Anderson, and was joined by 'father of the web' Sir Tim Berners-Lee. Snowden said there is more to come, and that encryption remains the internet's best defense.

  7. Undetected for Years, Operation Windigo Affects Millions of Servers

    A vast spam and malware campaign has been uncovered that has seized control of more than 25,000 UNIX servers worldwide, daily affecting half a million computers. The backdoor trojan is responsible for sending more than 35 million spam emails every day.

  8. Trustwave Acquires Cenzic to Add Dynamic Testing

    Trustwave announced Tuesday that it has acquired Cenzic for an undisclosed sum, thus combining Trustwave's static application security testing capabilities and Cenzic's dynamic application security testing into a single platform.

  9. Commercial RAT Used by Malicious Hackers

    Win-Spy is a commercial off-the-shelf (COTS) stealth monitoring tool. "Start Spying on any PC or Phone within the Next 5 minutes," says its website. With such products generally available, why should hackers go to the trouble of developing their own RATs? Indeed, according to a FireEye analysis following an attempted intrusion on a US financial institution, they don't.

  10. Join the Grand Theft Auto 5 PC Beta Program Scam

    Everybody likes to be first. Publications like to be the first to publish news, politicians like to be the first with good news, and gamers like to be the first to experience a new game. That's what makes gamers such obvious targets for scams, spam and phishing campaigns based on new versions of popular games.

  11. Hollywood Likely to be Targeted by Chinese Hackers

    Hollywood appears to be emerging as a prime target not just for video pirates, but for Chinese hackers. This is the conclusion of security researchers who have examined the probable attitude of China toward the cultural impact of Hollywood.

  12. Security in Apple's iOS 7 Weaker, Not Stronger, than iOS 6

    Aware of weaknesses in the early_random() pseudo random number generator used in iOS 6, Apple switched to an entirely new generator in iOS 7. In doing so, however, it weakened rather than strengthened the random number generation that lies at the heart of many of the attack mitigations that supposedly make iOS a secure operating system.

  13. LightOut is Latest Cyber Threat to Target Energy Sector

    What happens when the energy grid goes down? Well the lights, of course, go out. A fresh advanced persistent threat (APT) targeting the energy sector is thus aptly named LightsOut, and like previous attacks, it used a watering hole method to start its system compromise.

  14. Backdoor Found in Samsung Galaxy

    A developer working on Replicant, an open-source free mobile operating system designed to replace all proprietary Android components with open-source alternatives, has discovered a backdoor in Samsung Galaxy that provides almost full access to user files, camera, microphone and location.

  15. Nokia Tackles Carrier Roles in Mobile Security with Berlin-based Cybersecurity Center

    With the infiltration of handheld devices into virtually every aspect of our consumer and enterprise lives, mobile networks should be considered critical infrastructure with high impact on public welfare and safety; and cyber-security should be addressed accordingly. That’s the premise behind Nokia Solutions and Networks’ plans to establish a Mobile Broadband Security Center in Berlin.

  16. Target May Have Ignored Pre-breach Intrusion Warning

    The largest retail breach in history happened at Target stores all over the country during the busy 2013 holiday shopping season, sparking 90+ lawsuits, a Congressional hearing, corporate restructuring and plummeting sales figures for the big-box retailer. But according to a report, it all could have been prevented – had the retail giant simply listened to its own internal early warning systems.

  17. ICS Flaws Discovered that Could Affect Thousands of Plant-monitoring Systems

    Industrial control systems (ICS) are a notorious weak link when it comes to securing mission-critical infrastructure, but progress in overhauling cyber-practices for this legacy software seems to be moving along at a snail’s pace. Case in point: yet another system, deployed in thousands of locations globally and often exposed to the internet, has been found to be eminently vulnerable.

  18. Government ID Theft Ringleader Gets 12 Years in Prison

    The leader of an identity theft ring that stole more than 600 identities from US government employees and others has been sentenced to serve 12 years in prison, followed by three years of supervised release.

  19. The NSA's Botnet of Botnets: an Active SIGINT System

    The latest revelations from the Snowden files, published by Glenn Greenwald's new venture The Intercept, show that NSA thinking has followed the same arguments developed by cybercriminals: if you wish to control a large number of subjects (infected computers) you need to automate the process with a command and control server. This is a botnet.

  20. Warning: DDoS Attack Volume Balloons 807.48% in Fresh Spike

    While network time protocol (NTP) amplification attacks have been a threat for many years, a new DDoS surge is ringing alarm bells: in just one month, February 2014, the number of NTP amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%.

What’s hot on Infosecurity Magazine?