Infosecurity News

  1. Citi Ordered to Pay $55K to Connecticut over 2011 Data Breach

    The state of Connecticut has slapped Citi with a $55,000 settlement over a 2011 data breach that resulted in hackers gaining access to names, account numbers and e-mail addresses belonging to around 360,000 Citi North American credit card customers.

  2. Syrian Electronic Army defaces US Marine Website

    The Syrian Electronic Army's latest exploit has been to hack and deface a US Marines recruitment website. The defacement showed a series of photos with military-dressed personnel, faces obscured, holding handwritten messages.

  3. FinFisher Spyware Presentation Details Leaked

    FinFisher is a trojan spyware kit developed and marketed by the UK/German company Gamma Group. It is used by many governments around the world for surveillance purposes – and was notoriously found to be targeting Bahraini activists.

  4. A Q&A with MafiaBoy

    MafiaBoy was the internet alias of Michael Demon Calce, a high school student from Quebec, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites including Yahoo!, Amazon.com, Dell, Inc., eBay, and CNN. Here, he talks about how he did it, the politics of cyberattacks, and the evolution of attack motivations and methods.

  5. Infosecurity Weekly News Update: 26 August - 2 September 2013

    Dan Raywood summarizes all of the top news headlines from the information security industry from the week commencing 26 August 2013.

  6. Tor is Not as Safe as You May Think

    A new research paper, due to be presented at the 20th ACM Computer and Communications Security Conference (CCS 2013) at Berlin in November, has demonstrated that over time Tor users can be discovered with a high degree of accuracy.

  7. Black Budget: NSA's Team of Elite Hackers Tasked with 'Sabotage'

    The Edward Snowden leak is the leak that keeps on giving for news organizations, apparently: New documents have been released that detail the National Security Agency and the CIA’s intelligence budget. And, perhaps not surprisingly, it points to the existence of an elite group of government hackers.

  8. Dropbox Hackable; Well, in a Way

    Two researchers have demonstrated that they can reverse engineer the Dropbox client and gain access to the user’s cloud storage. But first they have to own the user’s computer – and if they do that, they’ve probably got the files locally.

  9. ISACA Kicks Off COBIT 5 Assessor Certification

    Assessors are key figures in IT environments, ensuring that processes and policies are in place to support effective governance and management of information. But as ISACA knows, doing it well is every bit as complex as the IT environment itself – so you want to make sure those assessors have the appropriate skills, expertise and training in place.

  10. Facebook Hijacked to Spread Chrome, Firefox Browser Malware

    Facebook is being used to spread malware again, this time through messages claiming to be from friends wanting to share videos. The “video link” of course opens a door for hackers to hijack users’ Facebook accounts and web browsers.

  11. Breach Notification is Now EU Law for Communications Providers

    On 25 August, the EU’s new breach notification Regulation for electronic communication service (ECS) providers came into force. The Regulation supplements an earlier Directive that instructed ECS companies to notify their competent national authority in accordance with national laws.

  12. The Ponemon Institute: Most Organizations are Woefully Behind in Application Security

    When it comes to locking down enterprise infrastructure, the application layer is responsible for more than 90% of all security vulnerabilities, yet more than 80% of IT security spending continues to be at the network and endpoint layer, new research has found.

  13. Syrian Electronic Army Steps Up a Gear – Re-Directs Major Websites to its Domain

    Rather than hack individual websites or Twitter accounts, SEA’s latest attack was on the MelbourneIT domain registrar. It was then able to redirect visitors to MelbourneIT’s customers – including the New York Times, Twitter and Huffington Post – to an SEA controlled website.

  14. Password Cracker Cracks 55 Character Passwords

    One of the world’s leading password crackers just got better and is now able to crack passwords of up to 55 characters in length and algorithms such as TrueCrypt 5.0+, LastPass and Samsung Android Password/PIN.

  15. Facebook Report Discloses Number of Government Requests for User Data

    Facebook has now joined other major cloud service companies with its own version of a transparency report: its first Global Government Requests Report purports to show how many government requests for user data it received in the first six months of 2013.

  16. Molerats Hacking Campaign adds Poison Ivy to its Repertoire

    Molerats is the term used for a hacking campaign orchestrated by the Gaza Hackers Team. Until now it had seemed that this group concentrated on using the XtremeRAT trojan. New research now suggests that that the group has also started using the Poison Ivy RAT.

  17. NSA Revealed Spying on the UN and EU Embassies

    The latest revelations from Edward Snowden published by Der Spiegel and Laura Poitras, the American film maker based in Berlin and visited by David Miranda before his detention at Heathrow, shows extensive and sophisticated NSA surveillance of both the EU and UN organizations in the US.

  18. Twitter Scanning DMs to Help Profile its Users

    A European privacy activist is warning that Twitter monitors users' Direct Message private tweets, even to the extent of visiting URLs contained and copying the content of the web pages concerned – most likely for behavioral profiling.

  19. Lady Gaga Sees Applause for Single, Despite 'Hacker' Leak

    Lady Gaga is…displeased. She’s blaming “hackers” for the leak of her new single, “Applause,” ahead of its scheduled release date on August 19.

  20. China Hit with Biggest DDoS Attack in its History

    China faced the largest distributed denial-of-service (DDoS) attack in its history over the weekend, leading to a two-to-four hour shutdown of swaths of IP addresses using .cn, China's country code top-level domain.

Why not watch?

  1. Mastering Australian Privacy Act and Essential Eight While Improving Cybersecurity Posture

  2. New Cyber Regulations: What it Means for UK and EU Businesses

  3. Alert Fatigue: What Are You and Your Security Teams Missing?

  4. Dispelling the Myths of Defense-Grade Cybersecurity

What’s hot on Infosecurity Magazine?