Infosecurity News

  1. Sex and Violence: Teens' Risky Online Behavior Increases Cyber-bullying

    Most parents worry about their kids’ online behavior, especially as news of Facebook suicide campaigns, sexting and other alarming digital phenomena dominate the headlines.

  2. Honey Encryption joins Honeywords and Honeypots in the Security Lexicon

    'Honey' is the traditional term used to indicate a 'decoy' in computing. Two researchers have now used the epithet to describe their process of hiding a true key within a large number of false keys, making brute forcing stolen databases considerably more tricky.

  3. Multi-platform Java Bot Provokes DDoS Floods

    A new malicious Java application aimed at fomenting widespread distributed denial-of-service (DDoS) attacks is making the rounds: a multi-platform bot capable of running on Windows, Mac OS and Linux.

  4. Google sells Motorola to Lenovo

    Patent stripping is a form of asset stripping – but less destructive. It seems to be what Google has done with Motorola. It bought Motorola for $12.5 billion in 2011, and announced an agreement yesterday to sell it to Lenovo for $2.91 billion – minus the patents.

  5. SpyEye Trojan Author Pleads Guilty As Charged

    The FBI announced yesterday that Aleksandr Andreevich Panin, aka 'Gribodemon' and 'Harderman' has pled guilty to charges accusing him of being the primary developer and distributor of the SpyEye banking trojan.

  6. Mozilla Patches Thunderbird Remote Exploit Vulnerability

    Mozilla Thunderbird, a free, open-source, cross-platform application for managing email and news feeds, has a critical validation and filter bypass vulnerability in version 17.0.6.

  7. The Blackholing Side-effect of IP Reputation Filtering

    A new report from a secure cloud hosting company shows that the effective use of IP reputation filtering creates an additional, or 'blackhole', layer of security. When probes from known attack sites return no response, the attackers don't probe deeper, they just give up and move on to an easier target.

  8. NSA and GCHQ Harvest User Data From Leaky Mobile Apps

    Security experts have long warned that users should be more concerned about the sometimes excessive personal data that some apps take from their hosts. Now it seems that criminals and advertisers are not the only people interested in this information: NSA and GCHQ have been developing the ability to take advantage of leaky mobile apps.

  9. Michaels Investigates Possible Data Breach

    Hard on the heels of Target and Neiman Marcus being hit with point-of-sale cyber-heists, another retailer is warning of a potential data breach. The arts-and-crafts supply purveyor Michaels has confirmed that it is working with the US Secret Service to investigate whether fraudulent activity on some payment cards used at its stores is a sign of a larger compromise of its systems.

  10. 13 Indicted for Stealing $2 Million in Gas Pump Skimming Scam

    Paying for gas at the pump has become a way of life, but even this innocuous activity can open consumers up to identity theft. Case in point: thirteen defendants are facing a whopping 426-count indictment in Manhattan for stealing more than $2 million by way of skimming devices at gas stations throughout the Southern United States.

  11. 74,000 Data Records Breached on Stolen Coca-Cola Laptops

    Coca-cola admitted Friday to the theft of an unspecified number of laptops containing personal information on 74,000 individuals – including, it turns out, variously social security numbers, driving license details, salaries, and ethnicity; but fewer than ten credit card numbers. Data loss prevention, it would appear, was not in operation.

  12. Multiple Hacker Arrests in Collaborative International Operation

    The FBI announced Friday that it had arrested two operators of a US-based e-mail hacking website, and three customers of foreign e-mail hacking sites. Operators of foreign e-mail hacking sites were arrested by national authorities in Romania, India and China in what is believed to be the first joint operation involving these four countries.

  13. Syrian Electronic Army Escalated Tactics Over 2013; Poised for More this Year

    The hacktivist group known as the Syrian Electronic Army was a particularly active adversary in the second half of 2013, and remains one of the top global threat actors to watch in the coming year as the Syrian conflict drags on – not least because of the group’s ability to morph its techniques to keep things interesting.

  14. New Android Malware Intercepts Calls and Texts

    Mobile malware victims may have several reactions upon discovering a smartphone infection, but chuckling is likely not one of them. Nonetheless, a new Android malware threat dubbed "HeHe" has been identified that steals text messages and intercepts and disconnects phone calls.

  15. Energetic (Russian) Bear Attacking Western Energy Sector

    Energetic Bear is the name given to a hacking group, most likely Russian, that appears to be primarily targeting the western energy sector. Although only one part of a new Global Threat Report for 2013, it is the part attracting most attention and interest: Russia is potentially joining China (and the NSA) as an alleged source of state-sponsored espionage.

  16. World Economic Forum Website Faces Vulnerabilities, Just in Time for Davos

    This week, economic and political movers and shakers are set to descend upon Davos, the Swiss ski resort that annually hosts what is arguably one of the most important international confabs in existence: the World Economic Forum. Unfortunately, virtual visitors have more than raclette and high finance to consider: the Forum's website has three known cross-site scripting errors, along with privacy concerns.

  17. Credit Card Details of 20 Million South Koreans Stolen

    In a classic 'insider' breach, an employee of the Korea Credit Bureau (KCB) has been arrested for stealing and later selling the personal details of millions of South Koreans to phone marketing companies. The Financial Supervisory Service (FSS) has said that the credit card firms will cover any financial losses suffered by customers through this incident.

  18. Judge Rules That Google Can Be Sued By Brits In British Courts

    In an important ruling, Mr Justice Tugendhat has cleared the way for the group of Brits known as Safari Users Against Google's Secret Tracking to sue Google in the the British courts. Google had argued that the case should be heard in the US. Mr Justice Tugendhat disagrees.

  19. Cisco Small Biz Wi-Fi Products Remotely Vulnerable

    Popular Cisco Wi-Fi routers for small and medium-sized businesses are in the cross-hairs thanks to a vulnerability that could allow an unauthenticated, remote attacker to gain root-level access to an affected device – and from there intercept information from devices that attach to it.

  20. Trojan Minecraft App Version Uses Smalihook to Defeat Certificate Signing

    A false version of the popular Android Minecraft PE app is being sold via Russian app stores for around half the price of the official app. Since third party app stores are not generally as thorough as Google's Play Store at finding and removing bad apps, they have become a popular means for distributing cloned and compromised apps.

Why not watch?

  1. Navigating Exposures in Energy ICS Environments

  2. Alert Fatigue: What Are You and Your Security Teams Missing?

  3. Dispelling the Myths of Defense-Grade Cybersecurity

  4. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

What’s hot on Infosecurity Magazine?