Infosecurity News
FireEye Goes Public; Trading on NASDAQ Expected Today
Market confidence in Silicon Valley is rising again. While Twitter has announced plans for an IPO, FireEye has proceeded with its own, selling more shares at a higher price than at first intended.
RSA Says Don't Use NIST Crypto Algorithm
Last week NIST recommended that its elliptic curve specification 'no longer be used.' Now, in an email advisory sent to customers, RSA strongly recommends that developers discontinue use of Dual EC DRBG and move to a different PRNG.
Apple iOS 7: A Security Overview
Apple's new iOS 7, pre-loaded on the new iPhone 5s and 5c, is also available for download to older devices. It is said to include more than 200 new features – here we look at some of the security aspects and issues.
30% of Tor Web Browser Transactions Found to Be Fraudulent
Tor is known as a privacy browser, favored by political dissidents, journalists and others looking to be online anonymously. But a new report shows that almost a third of its traffic is fraudulent as well, pointing to its potential status as a criminals’ haven.
China's Hidden Hacking-for-Hire Crew Behind Large-scale Cyber-espionage
A highly sophisticated “hacker for hire” group operating out of China has surfaced. Not quite a crouching tiger or a hidden dragon, but somewhere in between, the “Hidden Lynx” hacking group is a team of professionals with a strong capacity and proven ability to adapt to current security practices – and it's behind several large-scale APTs.
Digital Advertising Alliance Leaves the Do Not Track Working Group
The W3C working party tasked with defining the mechanisms that will underpin Do Not Track processes is now in serious danger of collapse following the third major defection in as many months.
Surveillance Court: NSA’s Data Collection Does Not Violate Fourth Amendment
The Foreign Intelligence Surveillance Court yesterday published an opinion, written on August 29 by Judge Claire Eagen, explaining the legal reasoning behind its order authorizing the NSA to collect data on all US telephone calls.
The Stealthy Hardware Trojan that Can Affect Intel Ivy Bridge Processors
A team from universities in the US, Netherlands, Switzerland and Germany have published research demonstrating that subtle changes below the gate level of chips can alter functionality in a controlled but covert manner.
Mobile Pwn2Own to Pay $300K for iPhone and Android Zero-day Exploits
Itching to jailbreak Apple's iOS 7? Ready to root a Samsung KNOX phone? Frothing at the mouth to show vulnerabilities in the iPhone 5S fingerprint reader? And get paid for it? Well if so, you’re in luck: HP’s Zero Day Initiative (ZDI) has announced the second annual Mobile Pwn2Own competition, to be held on November 13–14 of this year.
Solving the TPM Uptake Challenge
Trusted platform modules (TPM) have been around for more than 10 years, but adoption of them by users has been slow going. Led by Infosecurity magazine’s Drew Amorosi, a panel of industry experts came together at the Trusted Computing Conference in Orlando last week to discuss TPM adoption and the outlook for better uptake moving forward.
OSINT: You Don't Need to Work for the NSA or GCHQ to Spy on People
While the world has been hearing about the surveillance techniques of the spy agencies in the US and UK, the capabilities available to anyone through Open Source Intelligence (OSINT) products have been quietly expanding.
Symantec to Revoke SSL Certificates Starting Oct. 1
The deadline for abandoning SSL certificates with less than 2048-bit keys is approaching, and as of Dec. 31 of this year will be revoked. At least one vendor is setting an earlier deadline: for Symantec, it’s Oct. 1.
Belgacom Hacked; NSA Involvement Suspected
Coinciding with a report in De Standaard, Belgian telecoms firm Belgacom issued a statement yesterday saying it had successfully cleansed its internal network of "an unknown virus in a number of units in our internal IT-system."
(ISC)² Dishes Out Latest Scholarships to Combat IT Security Workforce Lag
The (ISC)² Foundation has announced the recipients of its 2013 information security scholarships.
Medical ID Fraud Costs Consumers $12bn in Out-of-Pocket Costs
With all of the debate in the US about Medicare and health insurance changes, it’s easy to overlook one big national healthcare issue that has life-threatening and hefty financial consequences: medical identity theft.
Cyber-Gang Attempts Santander Bank Heist with $20 Device
The term “bank heist” may conjure up an Ocean's 11-style strike involving laser alarms and perhaps even a contortionist or two, but the everyday reality is much more mundane. Take, for instance, the alleged plot by 12 men to steal millions from a branch of European bank Santander remotely, using a cheap and readily available keyboard video mouse device.
NSA Shown to Operate a MITM Hack in Brazil
In case any doubts remain, new Snowden revelations first published in Brazil, show that the NSA engages in economic espionage, uses mainstream hacking techniques, and spies on diplomats and the banking system.
NCC Group CEO Launches £1m Charity Campaign
Rob Cotton, the CEO of global information assurance firm NCC Group, has launched an ambitious new campaign to raise £1million for The Christie charity.
NIST Says Don't Use our Crypto Algorithm
Standing accused of NSA interference in its processes, and backdoors in its algorithms, NIST now says our crypto standards and processes are sound -- but don't use the elliptic curve algorithm.
Twitter Announces Intention to Go Public
Fittingly, Twitter tweeted its Thursday announcement: "We've confidentially submitted an S-1 to the SEC for a planned IPO. This Tweet does not constitute an offer of any securities for sale.” Now, back to work, it added.