Infosecurity News

  1. APT Threat Actors Exploit IE Vulnerability

    An IE zero-day vulnerability only made public knowledge by Microsoft two weeks ago has already been used by multiple APT threat actors, including Deputy Dog, Taidoor, th3bug, and Web2Crew.

  2. Project Sonar Kicks Off Crowdsourced, Internet-Wide Security Scanning

    Crowdsourcing is being used for everything from start-up funding to news reporting, and it makes sense that the idea would make it to the security community. Rapid7 has kicked off Project Sonar, a collaborative effort to improve security through the active, comprehensive analysis of public networks. This includes running enormous scans across public internet-facing systems, organizing the results and sharing the data with the information security community.

  3. NSA Creates Detailed Graphical Analyses that Include Americans' Metadata

    The latest Edward Snowden leaks show that the NSA not merely collects metadata (everything about a communication excluding the content) from Americans and non-Americans alike, it generates automatic graphical analyses from that data.

  4. Britain's Defense Policy Adds Cyber Deterrence to Nuclear Deterrence

    "You deter people by having an offensive capability. We will build in Britain a cyber strike capability so we can strike back in cyber space against enemies who attack us," said UK Defence Secretary Philip Hammond.

  5. London Teenager Arrested in Connection with Spamhaus DDoS

    In March this year, anti-spam website Spamhaus suffered a distributed denial-of-service (DDoS) attack that peaked at 300 gigabits per second, the largest ever recorded and sufficient to disrupt the internet itself in some parts of Europe.

  6. (ISC)² Congress 2013: Financial Market Manipulation Poised as Next Wave in Cybercrime

    Scott Borg, the man who foresaw a Stuxnet-style cyber-attack years before it was discovered, has issued his latest prediction: manipulation of financial markets will be the long-term cybercrime wave of the future.

  7. Intermedia Buys UK Cloud SSO firm SaaSID

    Intermedia, a US provider of cloud-based business applications, has acquired SaaSID, a UK start-up that provides SSO across all cloud services from any device.

  8. The Five Personas of Cloud Adoption

    It is no longer enough to say that business comprises those who have adopted cloud technology and those who will adopt cloud technology. New research from NTT Com Security (erstwhile Integralis) describes five separate personas in attitude to cloud; although they still range from those that have yet to adopt to those that have totally embraced the new technology.

  9. In 2020, Cyberthreats Get Physical and the Internet of Things Opens Gaping Security Holes

    From cloud-powered denial-of-service attacks and Big Data vulnerabilities to bio-hacks that defeat authentication systems like fingerprint recognition, we are on the cusp of a brave new world of cyber-attack exploits, Europol warns.

  10. Companies' Cloud Risk Assessments Are Wildly Off

    Even as headlines focus on the security of one’s internet-based cloud communications, at least one study shows that organizations lack the information to understand and mitigate the broader set of risks posed by the use of cloud services. In fact, their assumptions about which services are risky to use tend to be significantly off.

  11. Icefog: APT Hackers for Hire and Deliveries to Order

    While traditional APTs attack high profile major industry targets with persistent and evasive malware, researchers have described a new approach: small scale, fast moving hackers that target the supply chain.

  12. Vulnerability: Javascript Allowed to Run in the Mailbox iOS App

    Mailbox has fixed a flaw in the Mailbox app client (that allows embedded Javascript to run) by filtering out JS code at the company's servers before the mail hits the client – all within 48 hours of full disclosure.

  13. LexisNexis, Dun & Bradstreet and Kroll Background America (or Altegrity) All Hacked, Says Krebs

    Some of the leading data brokers in the US have all been hacked to provide the raw resources (SSNs, date of birth and other personal details) that were resold on the underground ssndob[dot]ms website, claims security researcher Brian Krebs.

  14. Hacker Halted 2013: Charlie Miller says Mobile Attacks are Just Hype

    Charlie Miller, computer security researcher at Twitter, declared mobile threats “all hype” despite media headlines suggesting that they are a number one security concern.

  15. F-Secure's Threat Report H1 2013

    F-Secure's Threat Report for the first half of 2013 says that threat vectors have remained similar but got worse over the first half of this year. Watering hole attacks and mobile malware are good examples.

  16. IE 0-Day Probably Tied to the Hidden Lynx Hacking Group

    Last week Microsoft issued a warning on a new zero-day exploit being used in targeted attacks. On the same day researchers published details on the Hidden Lynx hacking group. Now new research ties the IE 0-day to those same hackers.

  17. SafeGov Calls for Greater Controls Over the Use of Google Services in European Schools

    The low cost of Chromebooks coupled with the 'free' use of Google Apps and their in-built capacity for collaborative work threatens to revolutionize computing in schools. But SafeGov is warning that it may come at the unacceptable cost of the privacy of a vulnerable section of society: schoolchildren.

  18. Chaos Computer Club First to Hack Apple Touch ID

    In a stinging rebuke on the concept of fingerprint security, Germany's Chaos Computer Club hacks the iPhone 5s fingerprint access and claims "that fingerprint biometrics is unsuitable as access control method and should be avoided."

  19. Shylock Malware Surges to Target Vast Swath of Banking Sector

    A resurgence of the Shylock/Capshaw banking threat has hit banks across the EU again, as well as several top US banks. In all, Capshaw is this time being found to affect at least 24 financial institutions.

  20. NCC Group CEO Completes 600km Mountain Cycle for Charity

    Eight leading North West businessmen, including Rob Cotton, CEO of NCC Group, celebrated an epic success this week, raising over £210,000 to date for The Christie NHS Trust while beating the hardest stages of the Tour de France route in the process.

Why not watch?

  1. Mastering Australian Privacy Act and Essential Eight While Improving Cybersecurity Posture

  2. Navigating Exposures in Energy ICS Environments

  3. New Cyber Regulations: What it Means for UK and EU Businesses

  4. Identifying Concentration Risk and Securing the Supply Chain

What’s hot on Infosecurity Magazine?