Infosecurity News

  1. Lawyer Throws Spanner in EU Data Protection Regulation

    Two months after European justice ministers agreed the principle of the 'one-stop-shop' for data protection rulings, Hubert Legal (head of legal services for the European Council; that is, the member states) declared it would be a bad outcome likely in breach of European human rights.

  2. Dexter POS Malware Returns to Target Holiday Shoppers

    At least three distinct versions of the Dexter point of sale (POS) malware are making the rounds this holiday season, designed to steal credit and debit card data from unwitting shoppers.

  3. 2 Million-Strong ZeroAccess Botnet Disrupted by Microsoft and Law Enforcement

    An international cooperative effort involving Microsoft, the FBI, Europol and A10 Networks has disrupted the ZeroAccess (Sirefef) P2P ad fraud botnet. ZeroAccess is believed to use up to 800,000 out of a total of two million infected PCs at any time, mostly in the US and Europe, capable of stealing $2.7 million from online advertisers every month.

  4. SkyJack: For Taking Over and Zombifying Drones

    Amazon made headlines this week with the news that its experimenting with using airborne drones to deliver goods within 30 minutes of order. What could possibly go wrong? Infamous hacker Samy Kamkar highlights one issue with the release of SkyJack – a drone that’s meant to take over other drones.

  5. German Police Arrest Two Bitcoin-mining Botnet Operators

    Two alleged hackers have been arrested in Bavaria and Lower Saxony on suspicion of operating a botnet of compromised PCs to perform bitcoin mining. In related raids, the authorities discovered bitcoins currently valued at around €700,000 and evidence of other criminal activity involving copyright and pornography offenses.

  6. Cameron Says China Should Be More Open About Cyber-spying, but Guardian Should be Less

    In Beijing, UK Prime Minister David Cameron has challenged the Chinese Government to discuss its industrial-scale cyber-espionage, while in London the Guardian is under legal threat for disclosing GCHQ's own efforts in this area.

  7. ENISA Issues Good Practice Guide for Industrial Control System CERTs

    The European Network and Information Security Agency (ENISA) has published a good practice guide designed to help the critical infrastructure mitigate cyber-attacks against the industrial control systems supporting vital industry processes.

  8. Simple Yet Elegant Card Skimmer Goes on Sale in Time for the Holidays

    A new point-of-sale (POS) skimmer, used for lifting credit card details and PIN data at retail locations, has gone on sale for thousands of dollars on semi-private underground crime forums. The skimmer is notable in that it can be installed and removed in the blink of an eye.

  9. 700 Domains seized by ICE, Europol and Hong Kong Customs on Cyber Monday

    This year's Cyber Monday, traditionally the start of the holiday online shopping season, marked the end of it for more than 700 websites involved in selling counterfeit merchandise – all seized in a joint operation between ICE (297), Europol (393) and Hong Kong Customs (16).

  10. Javascript Sidedoors Vulnerability Affects Thousands of Mobile Apps

    This story has been temporarily removed, due to dispute with the report the story was based on. We are awaiting amends from the report authors before re-posting an updated story.

  11. FBI Issues Warning on 'Man-in-the-E-mail' Fraud Attacks

    Man-in-the-email is a variation on the man-in-the-middle attack. In this fraud the attacker takes an e-mail position between a buyer and seller, and is able to defraud the buyer out of funds and the seller out of goods. The FBI knows at least three US companies tricked by such a scam in 2013.

  12. Bitcoin Mining: There's a Right Way and a PUP Way

    With the value of bitcoins having tipped $1000, bitcoin mining is increasingly attractive; but it is also resource-intensive, and the 'bounty' earned by miners is dropping. One company has built a specialist data center to do the mining; another dubiously harnesses the power of its users' PCs.

  13. 90,000 Patients Compromised at UW Medicine

    The University of Washington Medical Center (UW Medicine) was breached in October, with data of up to 90,000 patients of the Harborview Medical Center and University of Washington Medical Center affected. No medical data was stolen, but SSNs may have been lost.

  14. Blackshades RAT Has a Resurgence

    A prominent remote administration tool (RAT) known as Blackshades is seeing an uptick lately, despite one of its authors having been arrested last year.

  15. The Paradox of OSS: More Secure by Definition; Often Less Secure in Use

    One side-effect of the Snowden revelations and rumors and accusations of government-inspired backdoors in mainstream software products is increased interest in open source software (OSS). But while OSS comes with more inherent trust, it is often used with less security.

  16. Defeating Eavesdropping in Wireless Communications

    While it is possible – to some degree – to protect a physical cable, wireless communications are out in the open, ready to be plucked from the air. Encryption has been considered the only way to protect wireless data – until now.

  17. Mass Surveillance: EU Gets More Cooperation From Washington Than London

    It was clear last week that the European Parliament's demand for legal redress in US courts for Europeans whose rights may have been infringed by US surveillance would be a sticking point in negotiations between the EU and US over data sharing. Now commissioner Reding has made it clear that her concerns are more widespread.

  18. AutoCAD Malware Targets Industrial Espionage

    Historically, AutoCAD malware is very rare, although not completely unheard of – there was an attack last year that targeted users mostly in Peru, for example. A new bug is now making the rounds, targeting these graphics and engineering platforms with exploits targeting old vulnerabilities. The goal is industrial espionage, but it could take a multi-layer infection to do it.

  19. Thanksgiving and Cyber Monday Approach: Watch Your Employees

    Door-busters, Black Friday, Cyber Monday: According to Visa, 140 million people plan to shop over Thanksgiving weekend this year – a significant decrease from the 247 million who did so in 2012. Nonetheless, 37% of Americans said they will shop on Black Friday, while 34% plan to shop on Cyber Monday. And that means security risk for companies, whose employees will undoubtedly be shopping online during work hours.

  20. i2Ninja Banking Trojan Uses Tor-like P2P Encryption

    Banking trojans continue to be the scourge of the web, with Zeus, Citadel, Ramnit, Spyeye and others continuing to infect machines on a widespread basis. But a new offering has been uncovered in a Russian cybercrime forum, a malware variant that, until now, has been working incognito – the i2Ninja malware.

Why not watch?

  1. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

  2. Alert Fatigue: What Are You and Your Security Teams Missing?

  3. Dispelling the Myths of Defense-Grade Cybersecurity

  4. Mastering Australian Privacy Act and Essential Eight While Improving Cybersecurity Posture

What’s hot on Infosecurity Magazine?