Infosecurity News

  1. The Insecure Pacemaker: FDA Issues Guidance for Wireless Medical Device Security

    The concept of a hacker causing a heart attack by remotely compromising a pacemaker or shutting down an insulin pump on a diabetic is unfortunately not in the realm of science fiction, with very real vulnerabilities having been found in connected medical devices. The US Food and Drug Administration (FDA) is now addressing the issue with a 24-page set of recommendations for regulating medical devices with wireless connectivity.

  2. DDoS Weapon Found Hidden in Orbit Downloader

    Anti-virus companies don’t just block malware – they also give their customers the option to block ‘potentially unwanted apps’ or PUAs. These aren’t strictly malware, but can violate a user’s privacy. Adware can potentially be a PUA.

  3. German Federal Government Warns on the Security Dangers of Windows 8

    The problem revolves around the upcoming Trusted Platform Module v 2.0 developed by the US-dominated Trusted Computing Group, which cannot be deactivated by the user. The concern is that this provides a back door for Microsoft, and by extension, for the NSA.

  4. Latest Spy Law May Force Mega to Leave New Zealand

    Kim Dotcom warned earlier this month that if a new bill – the Telecommunications (Interception Capability and Security) bill known as TICS – were to become law, he would move Mega’s privacy services out of New Zealand. TICS was passed yesterday in the New Zealand parliament by a vote of 61 to 59.

  5. The Counter-productive Effect of the Cost of Cybercrime

    The cost of cybercrime is frequently used to justify the cost of security products and the implementation of new – and invariably more stringent – cyber laws. But what if those figures are wrong? Could it mean that industry, and government, gets its entire cybersecurity strategy wrong?

  6. Poison Ivy Dissected: Commodity Tool or APT Weapon?

    The contradiction behind a remote access trojan (RAT) such as Poison Ivy is that while it is easy to use and widely used, it can also indicate a sophisticated – or APT-style – attack designed to exfiltrate specific data from major organizations.

  7. NIST Updates Patching and Malware Avoidance Guides

    The US National Institute of Standards and Technology (NIST) has updated two of its computer security guides to help system managers protect their systems from hackers and malware.

  8. Microsoft Warns of Permanent Zero-Day Exploits for Windows XP

    When Microsoft announced that it would discontinue support for Windows XP starting on April 8, 2014, many companies began the long process of transitioning to modern operating systems like Windows 7 or Windows 8. But there are others that won’t – and the software giant is raising the spectre of a zero-day onslaught as a result.

  9. Android Bitcoin Wallet Issue Points Out Critical Need for Mobile App Management

    The previously disclosed flaw in Android’s Bitcoin wallet has now been quantified in terms of its scope: the vulnerability has left over 360,000 applications up for attack, subsequently compromising the data of thousands of users, as well as their cyber-wallets.

  10. The Detention of David Miranda Raises Serious Issues

    Over the weekend David Miranda, partner of Glen Greenwald - the Guardian journalist who published the first of a series of reports detailing United States and British mass surveillance programs, based on documents obtained by Edward Snowden - was detained at Heathrow for just under 9 hours – the maximum allowed under Section 7 of the Terrorism Act. Miranda was in transit from Berlin to his home in Brazil. All of his electronic equipment was confiscated.

  11. Google Responds to British Lawsuit: UK Privacy Laws Don’t Apply

    There have been two new developments in the British lawsuit against Google for allegedly overriding Safari privacy settings to track users’ internet habits: firstly the High Court granted permission to serve on Google Inc, putting the papers into the public domain; and secondly Google responded by claiming it does not have to answer to the UK courts.

  12. Are Encryption Keys Protected by the Fifth Amendment?

    A man was arrested in Wisconsin this week as the latest move in a long-running battle by the authorities to force him to hand over decryption keys for hard drives believed to contain child pornography.

  13. Washington Post (& CNN, & Time, but not NYT) Hacked by Syrian Electronic Army

    The Washington Post yesterday issued a brief statement confirming that it had indeed been breached by SEA. At around the same time, the New York Times claimed that a brief outage on Wednesday had been caused by maintenance rather than hacking.

  14. Error 451 – Unavailable for Legal Reasons

    The Open Rights Group has launched a campaign for the adoption of a new HTTP 400 range status code: Error 451, designed to indicate that access to a page or website is unavailable by court order.

  15. IBM to Acquire Financial Malware Defense Firm Trusteer

    IBM has announced a definitive agreement to buy the Israeli firm Trusteer, which specializes in anti-financial malware and fraud software. Although terms have not been revealed, market estimates put the price at around $800-$900 million.

  16. Users Have No Expectation of Privacy in Gmail Says Google

    In filing a motion to dismiss a class action that it illegally intercepts and reads emails, Google lawyers have invoked a ruling from a 1979 court case (Smith vs Maryland) that originally referred to telephony.

  17. DNS Posioning and Spoofing Made Simpler with BIND Vulnerability

    Web page spoofing just got easier: One of the defenses against Domain Name System (DNS) cache poisoning and web address spoofing lies in the randomization of the IP address of the queried name server. But a newly found vulnerability in BIND, the most widely used DNS software on the internet, enables an attacker to de-randomize the queries—greatly reducing the time and effort required to successfully poison BIND's cache.

  18. Hacking the Lightbulb: Malware Can Produce a Sustained Blackout

    Considering the hyper-connected world that we live in, a good security mantra should be: if it can be connected to the web, it can be hacked. Even light bulbs. Yes, even light bulbs.

  19. Cyber Spies in London Recycle Bins Told to Move On

    News emerged last week that a London firm had been installing wifi snooping equipment in London recycle bins, spying on the mobile phones of passers-by. But the City of London authorities have moved quickly with a cease and desist instruction.

  20. Dalai Lama’s Website Compromised and Serving Malware

    The Dalai Lama and his supporters have been under almost continuous cyber attack for years. In a new ‘don’t go there’ announcement, a security researcher warned Monday that the Chinese language version of his website has been compromised in a new water hole attack that delivers a backdoor trojan.

Why not watch?

  1. Navigating Exposures in Energy ICS Environments

  2. How to Manage Your Risks and Protect Your Financial Data

  3. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

  4. Alert Fatigue: What Are You and Your Security Teams Missing?

What’s hot on Infosecurity Magazine?