Infosecurity News
US-CERT Warns of NTP Amplification Attack Surge
Network Time Protocol (NTP) amplification attacks, an emerging form of distributed denial-of-service (DDoS) that relies on the use of publicly accessible servers, is starting to make the rounds, US-CERT is warning.
Stroz Friedberg Snaps Up Financial Investigations Firm
The recent acquisition of Tyrian Partners by Stroz Friedberg aims to strengthen international forensic accounting services offered by the multinational forensic investigations specialist.
Patch Tuesday Preview: January 2014
Microsoft is extending the holiday period for Sys Admins this month: there are only four bulletins in January's Patch Tuesday; and not a single one marked 'critical'. Two, however, will require a restart, while the other two 'may' require a restart – so there will still be a degree of disruption involved.
Two Thirds of Personal Banking Apps Found Full of Vulnerabilities
A researcher looked at the security of home banking apps, and found shocking results. Forty home banking apps from the top 60 most influential banks in the world were tested and found to have major security weaknesses.
Narrative Authentication Builds Storytelling into Logins
Keywords, passphrases, 25-digit alphanumeric codes, picture recognition, biometrics –authentication is a notoriously difficult thing to effect while thwarting hackers the majority of the time, given the boundaries of human memory and the rampant presence of human error. To that end, a group of researchers have proposed a new sort of authentication approach that relies on personal stories.
Hacker Nabs Downton Abbey Season Finale Script
“Guccifer,” a hacker known for lifting high-profile information from A-listers, has managed to nab the script for Downton Abbey’s season finale, while also targeting emails of various other celebrities.
SAP Combines MDM with NAC to Solve its Own Mobile Security Challenges
Mobile device management (MDM) systems are gaining rapid adoption among enterprises that wish to better manage the increasing number of smartphones and tablets being used in corporate environments.
2014: ‘The Year of Encryption?’
Will 2014 see a big uptick in the use of biometric technologies, strong encryption, a rash of new key technologies and more? Some say that the era of having unencrypted data traffic flowing freely inside enterprises will likely soon come to a crashing halt, helped along by the US government, the Apple iPhone and other drivers.
US Backdoors in French Satellites Threatens Billion Dollar Deal With the UAE
A deal for two French Falcon Eye spy satellites, where cameras can detect very small objects on the ground, is in jeopardy after the UAE buyers claimed they contain US-made parts that are considered 'security compromising components.'
Yahoo Has Been Serving Malware To Its Users
On Friday 3 January, Dutch security firm Fox-IT detected malicious activity on some of its clients' networks – with a common factor: they had all previously visited yahoo.com. Further investigation revealed malvertising on the Yahoo site – and it is possible that millions of users have been infected via Yahoo.
The Ubiquitous SD Cards can be Hacked to Deliver a MITM Attack
Two researchers, Andrew 'bunnie' Huang, and Sean 'xobs' Cross, gave a talk at the Chaos Computer Congress describing how the ubiquitous flash memory card can be used to deliver a MITM attack against its host system. The problem is that SD cards are simply trusted, when perhaps they should not be.
AutoIT Surges as Malware Component
AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is now cropping up in next-gen malware like a Zeus variant that efficiently steals information from FTP sites and personal certificates.
Dangerous Trojan Targets World of Warcraft
Blizzard, the company behind the popular online multiplayer World of Warcraft game, has warned its gamers that a “dangerous Trojan” called Disker is being used to compromise player's accounts, even if they are using an authenticator for protection.
NSA Maintains Its Own Catalog of Advanced Hacking Tools
TAO, Tailored Access Operations, is the elite hacking group operated by the US National Security Agency. Its existence was exposed by the 'black budget' for 2013 leaked by Edward Snowden. Now Der Spiegel has published further details on the group that will play a major part in the projected infiltration of 85,000 computers around the world.
NSA Can Turn iPhones into Eavesdropping Equipment
Spook gadgets have come a long way from Maxwell Smart’s shoe phone. Reports have surfaced that the US National Security Agency can now turn iPhones into eavesdropping tools.
Boston Restaurant Group Hit by Data Breach
Customers at eight Boston-area dining establishments owned by the Briar Group may have had their credit and debit card data stolen. The mix of restaurants and Irish-style pubs are popular around the metro area, and include Anthem, City Bar, City Table, MJ O'Connor's, Ned Devine's, Solas, The Green Briar and The Harp.
4.6 Million Snapchat Usernames and Phone Numbers Leaked
Back in August, GibsonSec warned that Snapchat's API was insecure, and offered to help. It got no response, other than Snapchat adding some security features and implying it was safe. Apparently frustrated, GibsonSec published full details on Christmas Day.
Syrian Electronic Army Hacks Skype – Allegedly
Reports have emerged this morning about a short-lived hack of Skype's Twitter and WordPress accounts by the Syrian Electronic Army. No evidence of the hack remains, although screenshots purportedly demonstrate that it happened. Unusually, it is in protest of NSA surveillance and alleged Microsoft complicity, rather than Western involvement in Syria.
CryptoLocker's Ransom Haul Potentially Close to $1 Million in 100 Days
CryptoLocker, the ransomware that uses a public-private key combo to potentially lock out victims from their files forever, has been striking since mid-September. And since it made its debut, it’s managed to make off with at least $300,000, one $300-or-less ransom payment at a time.
Global Stock Exchanges Band Together on Cybersecurity Initiative
A worldwide group of top stock exchanges have gotten together to launch the industry’s first cybersecurity committee, with a mission to aid in the protection of global capital markets.