Infosecurity News

  1. Twitter Uses Automation to Improve Security

    The Twitter product security team are improving the security of their code by adopting more security automation.

  2. LulzSec 'pirates' plead guilty to hacking

    Four LulzSec members who claim to be "latter-day pirates" have pleaded guilty to hacking charges and compromising millions of people's information.

  3. Game-changer: Android malware moves beyond apps

    Android malware authors have officially turned the complexity corner, according to an analysis of mobile malware for the first quarter of 2013. The size and scope of the Android threatscape is evolving, adding new tactics and advanced approaches that extend beyond malicious applications.

  4. Why is Microsoft reading users’ Skype messages?

    Heise Security published a suggestion that Microsoft is reading users’ Skype messages, but Microsoft maintains automated scanning is used to identify suspected spam and phishing links.

  5. More than 13,000 visitors attended Infosecurity Europe 2013

    Infosecurity Europe has released basic figures on last month’s eighteenth annual exhibition and conference: pre-ABC audit figures show a 6% increase in visitors over 2012 to 13,200, with more than 70 new exhibitors.

  6. DDoS-for-hire services turn to mainstream advertising

    DDoS services for hire – so-called “booters” that can be hired to knock, or boot, a website offline – are making their way out of the dark shadow-world of hacker message boards and forums, instead taking payments via PayPal and advertising in mainstream venues like YouTube with handy videos featuring hired actors.

  7. Howard Schmidt Announces SAFECode secure software development training

    At the Security Development Conference in San Francisco, Howard Schmidt, executive director, SAFECode, announced that the not-for-profit organization is tackling software development and engineering security with a set of free online training courses, available via on-demand webcasts and covering a range of issues, from preventing SQL injection to avoiding cross-site request forgery.

  8. Judge allows redacted disclosure of Reddit co-founder's documents

    The US government and MIT/JSTOR had agreed that documents concerning the prosecution of Aaron Swartz could, in part, be made public. The Swartz estate asked for the documents in full. The court has denied the estate and allowed the government and MIT/JSTOR to redact certain information.

  9. Mideast sabotage threats target US energy sector

    A new crop of Mideast-originated cyberattacks are targeting the American energy sector, with the intent of sabotage, not just espionage.

  10. Surveillance software targeted British/Bahraini citizen

    A witness statement filed in the High Court in London claims that Gamma International’s FinFisher (FinSpy) covert surveillance software targeted the computer of a leading Bahraini activist who holds dual British and Bahraini citizenship.

  11. Telecom fraud: a Chinese variant on the Police Trojan explained

    Fraud is big business in China. Last year there were more than 170,000 cases causing losses of more than $12.5 billion. New evidence suggests this might be getting worse with increasingly sophisticated cyber fraud.

  12. Snapchat’s expired snaps are not deleted, just hidden

    Snapchat doesn’t delete expired photos on Android phones – it merely tells the operating system to ignore them. That means they are still available for retrieval with the right forensic software.

  13. Hackers looted $45 million in global ATM heist

    A global gang of hackers managed to siphon off $45 million from ATMs thanks to outdated US credit card technology.

  14. Almost half of employees admit to bypassing security controls

    Security shouldn’t get in the way of doing business and closing sales, but many organizations are wrestling with data protection strategies that block employees' ability to get the information they need to do their jobs. Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. That's breeding apathy, too: 40% admitted that if they were breached no one would notice.

  15. Chrome extension briefly allows DRM-free downloads from Spotify: Encryption may not be the answer

    A Chrome extension called Downloadify allowed DRM-free downloads from Spotify’s library of 20 million songs before remedial action by Spotify and withdrawal from the Chrome store by Google.

  16. Despite widespread adoption, companies fail to implement BYOD policy

    As the influx of personal mobile devices into the workplace continues apace, a new survey shows that security is both the top concern and top measure for success for enterprises implementing bring-your-own-device (BYOD) programs.

  17. ISO approves eDiscovery standards development

    The International Organisation for Standardisation has given its final approval for the development of an international standard for the discovery of electronically stored information (ESI), aimed at giving greater credibility to digital evidence in legal matters and forensics through the implementation of a secure framework and guidelines for the process.

  18. SMS phishing leads to an advance fee spam scam across Europe

    A web text phishing scam is spreading across Europe, with users being tricked into allowing thousands of spam text messages to be sent from their accounts – and sometimes resulting in huge phone bills.

  19. Fake AV attack on DC-area media shows rise of mass compromises

    Two local Washington DC media outlets – WTOP and sister station Federal News Radio, and the Dvorak Uncensored pundit blog – all became the victims of bad actors looking to make a buck with scareware earlier this week. The stunt is indicative of a rising tide of mass compromises, researchers said.

  20. AutoIT makes malware "outrageously easy"

    AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is on the rise as a go-to development language for malware.
