Infosecurity News

  1. The Five Personas of Cloud Adoption

    It is no longer enough to say that business comprises those who have adopted cloud technology and those who will adopt cloud technology. New research from NTT Com Security (formerly Integralis) describes five separate personas in attitude to cloud, although they still range from those that have yet to adopt to those that have totally embraced the new technology.

  2. In 2020, Cyberthreats Get Physical and the Internet of Things Opens Gaping Security Holes

    From cloud-powered denial-of-service attacks and Big Data vulnerabilities to bio-hacks that defeat authentication systems like fingerprint recognition, we are on the cusp of a brave new world of cyber-attack exploits, Europol warns.

  3. Companies' Cloud Risk Assessments Are Wildly Off

    Even as headlines focus on the security of one’s internet-based cloud communications, at least one study shows that organizations lack the information to understand and mitigate the broader set of risks posed by the use of cloud services. In fact, their assumptions about which services are risky to use tend to be significantly off.

  4. Icefog: APT Hackers for Hire and Deliveries to Order

    While traditional APTs attack high profile major industry targets with persistent and evasive malware, researchers have described a new approach: small scale, fast moving hackers that target the supply chain.

  5. Vulnerability: JavaScript Allowed to Run in the Mailbox iOS App

    Mailbox has fixed a flaw in the Mailbox app client (that allows embedded JavaScript to run) by filtering out JS code at the company's servers before the mail hits the client – all within 48 hours of full disclosure.

  6. LexisNexis, Dun & Bradstreet and Kroll Background America (or Altegrity) All Hacked, Says Krebs

    Some of the leading data brokers in the US have all been hacked to provide the raw resources (SSNs, date of birth and other personal details) that were resold on the underground ssndob[dot]ms website, claims security researcher Brian Krebs.

  7. Hacker Halted 2013: Charlie Miller says Mobile Attacks are Just Hype

    Charlie Miller, computer security researcher at Twitter, declared mobile threats “all hype” despite media headlines suggesting that they are a number one security concern.

  8. F-Secure's Threat Report H1 2013

    F-Secure's Threat Report for the first half of 2013 says that threat vectors have remained similar but have worsened over the first half of this year. Watering hole attacks and mobile malware are good examples.

  9. IE 0-Day Probably Tied to the Hidden Lynx Hacking Group

    Last week Microsoft issued a warning on a new zero-day exploit being used in targeted attacks. On the same day researchers published details on the Hidden Lynx hacking group. Now new research ties the IE 0-day to those same hackers.

  10. SafeGov Calls for Greater Controls Over the Use of Google Services in European Schools

    The low cost of Chromebooks coupled with the 'free' use of Google Apps and their in-built capacity for collaborative work threatens to revolutionize computing in schools. But SafeGov is warning that it may come at the unacceptable cost of the privacy of a vulnerable section of society: schoolchildren.

  11. Chaos Computer Club First to Hack Apple Touch ID

    In a stinging rebuke of the concept of fingerprint security, Germany's Chaos Computer Club hacks the iPhone 5s fingerprint access and claims "that fingerprint biometrics is unsuitable as access control method and should be avoided."

  12. Shylock Malware Surges to Target Vast Swath of Banking Sector

    A resurgence of the Shylock/Capshaw banking threat has hit banks across the EU again, as well as several top US banks. In all, Capshaw is this time being found to affect at least 24 financial institutions.

  13. NCC Group CEO Completes 600km Mountain Cycle for Charity

    Eight leading North West businessmen, including Rob Cotton, CEO of NCC Group, celebrated an epic success this week, raising over £210,000 to date for The Christie NHS Trust while beating the hardest stages of the Tour de France route in the process.

  14. FireEye Goes Public; Trading on NASDAQ Expected Today

    Market confidence in Silicon Valley is rising again. While Twitter has announced plans for an IPO, FireEye has proceeded with its own, selling more shares at a higher price than at first intended.

  15. RSA Says Don't Use NIST Crypto Algorithm

    Last week NIST recommended that its elliptic curve specification 'no longer be used.' Now, in an email advisory sent to customers, RSA strongly recommends that developers discontinue use of Dual EC DRBG and move to a different PRNG.

  16. Apple iOS 7: A Security Overview

    Apple's new iOS 7, pre-loaded on the new iPhone 5s and 5c, is also available for download to older devices. It is said to include more than 200 new features – here we look at some of the security aspects and issues.

  17. 30% of Tor Web Browser Transactions Found to Be Fraudulent

    Tor is known as a privacy browser, favored by political dissidents, journalists and others looking to be online anonymously. But a new report shows that almost a third of its traffic is fraudulent as well, pointing to its potential status as a criminals’ haven.

  18. China's Hidden Hacking-for-Hire Crew Behind Large-scale Cyber-espionage

    A highly sophisticated “hacker for hire” group operating out of China has surfaced. Not quite a crouching tiger or a hidden dragon, but somewhere in between, the “Hidden Lynx” hacking group is a team of professionals with a strong capacity and proven ability to adapt to current security practices – and it's behind several large-scale APTs.

  19. Digital Advertising Alliance Leaves the Do Not Track Working Group

    The W3C working party tasked with defining the mechanisms that will underpin Do Not Track processes is now in serious danger of collapse following the third major defection in as many months.

  20. Surveillance Court: NSA’s Data Collection Does Not Violate Fourth Amendment

    The Foreign Intelligence Surveillance Court yesterday published an opinion, written on August 29 by Judge Claire Eagen, explaining the legal reasoning behind its order authorizing the NSA to collect data on all US telephone calls.
