Infosecurity News

  1. ENISA endorsed with a new 7 year EU mandate

    The European Network and Information Security Agency (ENISA) has received a new mandate from the European Parliament to continue and enhance its work: votes in favor, 626; against, 45; abstentions, 16.

  2. Linode web hosting hack used Adobe ColdFusion zero-day

    Web hosting provider Linode has been hit with a zero-day attack that compromised its database, including credit card numbers, parts of the source code and passwords. In a security notice the company said that it has instigated a full password reset for all accounts in the wake of the hit.

  3. Top Secret: secunet delivers sophisticated IT security solutions

    secunet Security Networks is one of Germany's leading providers of IT security services. Specializing in the protection of classified/sensitive information, the firm works closely with customers to develop and implement high-performance products and state-of-the-art IT security solutions.

  4. Mobile malware gets serious – RATs can bypass sandboxes and encryption

    Mobile remote access trojans are becoming increasingly sophisticated and increasingly successful – new research suggests that 1 in 1000 smartphones have mRATs installed.

  5. ICS-CERT reports two hacks on building management systems

    The latest issue of the ICS-CERT Monitor has described two similar hacks that happened last year where attackers used a weak credentials vulnerability to gain access to buildings’ energy management system (EMS), Tridium Niagara.

  6. Researcher finds five security holes in Linksys home routers

    Last year, independent security researcher Phil Purviance demonstrated a vulnerability in a WRT54GL router that would allow a hacker to design an internet worm that targeted them and turned the routers into a powerful botnet that is able to monitor traffic across all types of networks.

  7. Sourcefire appoints new CEO

    The Maryland-based security firm has named John Becker as its new chief executive

  8. Pincer.A – new Android trojan warning

    A new Android trojan that pretends to be a security feature has been discovered. Once installed, it displays a ‘certificate’ logo, which, if clicked, pops up a message: “Certificate installed successfully! Your device is protected now.”

  9. SpiderOak shares are vulnerable

    A few weeks ago research showed that Amazon’s public buckets can be more public than their owners intended. Now the original researcher shows that Amazon (and Apple’s MobileMe) file storage options are not alone: SpiderOak is also vulnerable.

  10. Darkleech infects 20,000 websites in just a few weeks

    Security researchers have long been aware of the Darkleech threat; but general public awareness is new. It is Apache 2.2.2+ web server malware that infects web pages and seeks to redirect visitors to other sites hosting exploit kits.

  11. US Army has gaping BYOD mobile security holes

    The effects of the bring-your-own-device (BYOD) phenomenon are being felt across the US military, according to a report from the US Inspector General’s office. It found that US military data security is woefully lacking when it comes to device tracking and policy enforcement. Most alarmingly, the military CIO’s office was found to be unaware of more than 14,000 mobile devices in active use across the US Army.

  12. Bitcoin hackers hit Mt. Gox and Instawallet with major attacks

    Bitcoin, the virtual currency employed for various web-related transactions, has been enjoying an epic valuation the last few days, reaching an all-time high of $142 per BTC this week according to trading platform Mt. Gox. That translates into $1 billion in BTC circulation, and the smell of money has apparently attracted hackers to the well: Two separate attacks, aimed at Mt. Gox as well as Instawallet, have caused major Bitcoin service interruptions.

  13. UK think-tank advocates a central hub for police social media intelligence

    Policing is intelligence led. Social media is a prime source of intelligence (SOCMINT – social media intelligence). To maximize the potential in SOCMINT it is suggested that the police should develop a central hub of social media expertise.

  14. Krebs outs Flashback author

    A year ago Flashback became the most prolific ever Mac virus, infecting an estimated 650,000 Macs. Now researcher and blogger Brian Krebs names the man he believes to have authored the trojan.

  15. Zombie survivalist game, The War Z, taken offline following password hack

    Gaming platforms, from the Sony PlayStation Network data heist to a break-in of the Gamingo platform one year ago are sporadic but compelling targets for hackers, thanks to their ability to touch so many users at one time. The latest gaming victim is the online multiplayer game, The War Z, which has been taken offline after the compromise of thousands of user accounts.

  16. Hundreds of Japanese one-click scams found infesting Google Play store

    Niche-focused malware is becoming more prevalent as targeted attack vectors continue to pay off in terms of social engineering.

  17. London Underground users can now be hacked at more than 100 Tube stations

    The introduction of Virgin Media’s WiFi to the London Underground is a valuable addition to the UK capital’s anywhere, anytime attitude towards work and the internet – access via mobile phones and tablets need no longer be affected simply because the user is 20 metres underground.

  18. Firefox 20: 11 security fixes and improved private browsing

    Firefox 20 was released on Tuesday. It includes 3 critical, 4 high, and 4 moderate vulnerability fixes; plus several enhancements including a private browsing mode and improved download manager.

  19. LockLizard extends PDF rights management security to the iOS platform

    The London-based digital rights management (DRM) specialist has released its latest Secure PDF Viewer for the iOS mobile operating system

  20. BaneChant trojan hides behind multiple mouse clicks

    A backdoor trojan apparently aimed at the governments of the Middle East and Central Asia has been detected, with a notable new ability to evade detection by tying its execution to multiple mouse clicks.

Why not watch?

  1. Learn Key Strategies for Industrial Data Security

  2. Supply Chain Risk and Mitigation in Operational Technology

  3. The Future of Fraud: Defending Against Advanced Account Attacks

  4. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

What’s hot on Infosecurity Magazine?