Infosecurity News
Washington DSHS clients face potential patient data breach
Stolen hardware is once again the culprit behind a potential healthcare breach – this time in Washington state, where a private contractor's laptop containing confidential and personal health information on 652 state Department of Social and Health Services (DSHS) clients was discovered to be stolen.
Men's Health & Miltary-themed emails spread malware
An email campaign spreading malware via links purporting to be either for Men’s Health articles or military-related is spreading quickly, and appear to be coming from Australia or South Korea.
Does ACTA live on in the EC IPRED Directive?
The European Commission has run a public consultation on the enforcement of IPRED – the Intellectual Property Rights Enforcement Directive. The consultation closed on the day before April Fool’s Day – but not everybody is amused.
American Express joins the ranks of US banks attacked by al-Qassam group
On Thursday last week the American Express website went offline for a couple of hours during a DDoS attack by the Izz ad-Din al-Qassam Cyber Fighters in pursuance of their ongoing protest against the Innocence of Muslims video.
Don't forget: Evernote used for malware control
The cloud-based note-taking tool Evernote, with its adorable elephant logo and general user-friendly touchy-feely vibe, seems innocuous enough. However, cybercriminals are giving it a very different character, by hijacking the popular service and using it as a communication and control (C&C) server for malware.
Amazon cloud’s public buckets may be too public
Amazon’s Simple Storage Service (S3) is a popular cloud storage service, used by business to store static files, and by individuals to share them. Storage can be either public or private; but new research suggests that public is possibly more public than intended.
Spamhaus suffers largest DDoS attack in history – entire internet affected
Spamhaus, an IP blacklisting service, has been under a distributed denial-of-service (DDoS) attack for a week. Attack traffic has been rated at up to 300Gbps – three times higher than the previous record, and six times greater than the typical attack recently targeting US banks.
Java vulnerabilities are almost ubiquitous
Java vulnerabilities are seemingly ubiquitous, with vulnerabilities and zero-days nabbing headlines on what seems like a weekly basis. According to an analysis, that perception cleaves fairly close to reality: 94% of endpoints are vulnerable to at least one Java exploit, opening the door for data theft.
The dark side of encryption and social networks: Pedophile Jailed in UK
An internet pedophile has been jailed at the Inner London Crown Court for eight years after using social networks for grooming and encryption to hide his offenses. Because of the encryption, the police can only guess at other crimes.
Trojans, RATs and Slovenian money gang involved in $2.5 million bank fraud
Slovenian Police have detained five citizens in a $2.5 million, highly targeted bank fraud campaign. The criminal group was found to be using 25 money mules to electronically transfer funds out of the accounts of smaller companies.
Identifying individuals through mobile tracking
A new report published in Nature's Scientific Reports section shows how the location data available from mobile devices can be used as a virtual fingerprint to identify individual people regardless of whether the data is 'anonymized'.
Ministry of Justice consultation on compulsory DPA audits for NHS bodies
The UK Ministry of Justice has issued a new consultation paper aimed at NHS data controllers asking for views on whether the ICO should be able to impose a data protection audit on NHS bodies without their consent.
Pirated software carries malware payload that can cost billions
Pirated software may carry an ostensibly small price tag compared to the real thing, but it often also carries something else: ride-along malware that will cost consumers 1.5 billion hours and $22 billion this year in identifying, repairing and recovering from its impact.
Advanced vSkimmer botnet targets card payment terminals
The next evolution of credit card payment details extraction has hit Russian underground hacking forums in the form of the vSkimmer malware, a botnet that directly targets card payment terminals using Windows.
Anonymous claims Mossad hack; experts not convinced
This weekend saw the release of around 35,000 names and other details, allegedly including Mossad agents, stolen by Anonymous and following a warning that OpIsrael phase 2 – designed to ‘erase’ Israel from the internet – would commence on 7 April.
Details of the latest Sykipot exploits revealed
Sykipot malware, often tied to a Chinese origin, has been used extensively over the last few years to target primarily US defense organizations. Now the latest zero-day exploits used by the gang have been revealed.
Seoul cautious in blaming North Korea for massive cyberattack
South Korea, the globe’s most-wired country and one of its biggest tech hubs, has been hit with a wave of attacks on major media and banks, freezing networks and broadcast infrastructure and rendering a swath of ATMs, mobile banking, websites and payment kiosks unusable.
Privacy rules for the Police National Database protected sex offender Jimmy Savile
A critical review of the Jimmy Savile case, who now posthumously has hundreds of sexual abuse allegations against him, suggests that a combination of his celebrity status and police privacy rules combined to protect him for decades.
Scam warning: Facebook Black is back
The opportunity to change from Facebook blue to a different color is not a new scam, but there’s a new one doing the rounds right now: “I Totally Just Added The Brand New Facebook Black.”
Carna botnet – an interesting, amoral and illegal internet census
It started from a joke – we should try root:root to log on to random IP addresses. But it evolved from that into a botnet of port scanners able to port scan the entire IPv4 internet in very short order: a complete IPv4 internet census.
