Infosecurity News
NATO lays out cyber-war rules of engagement
A new handbook created for NATO has set out 95 black-letter rules of cyber warfare that, among other recommendations, states that governments should refrain from launching attacks on civilians, hospitals, nuclear power stations, dams and dykes.
Pinkie Pie slices out $40K reward at Google Pwnium 3 hacking contest
Earlier this month at the CanSecWest security conference, Google’s Chrome team took part in the Pwn2Own hacking contest and hosted its own, the third iteration of its Pwnium competition. While there weren’t any “winning” entries at Pwnium – i.e., no full exploits against the browser were developed – Google did pay out a partial reward to the teen hacker who appears to be making Chrome a bit of a specialty.
Sophisticated Rating System for Cyber Attacks Proposed
It has long been suggested that ‘advanced’ is a misnomer in the majority of APTs; and that ‘sophisticated’ has lost its meaning. Is it time for an objective attack rating to eliminate emotive, subjective and misleading threat terminology?
Still NotCompatible: Android trojan takes fresh tack with spear-phishing
An old Android malware threat is targeting mobile devices in a new way: the NotCompatible mobile trojan is now using email spam to dupe people into clicking an initiating link.
Has HTTPS been broken?
In practical terms for the average user, probably not yet; but in the absolute terms of crypto-theory, probably yes – again. The difference is that security professionals measure security in the relative terms of risk analysis, while cryptographers take a binary view to cryptography: it is or it is not broken.
Removing administrator rights is no solution against drive-by attacks
When Windows 7 was released, Gartner recommended that migration from XP be used as a catalyst for removing administrator rights from as many users as possible, which it said is ‘the single most important way to improve endpoint security.’
Credit reporting one key to celebrity doxxing affair
In the wake of the high-profile celebrity and politician doxxing campaign last week, in which private information about dozens of celebs from Michelle Obama to Kim Kardashian was posted online, more information about the provenance of the information has come to light.
NIST’s National Vulnerability Database vulnerable and hacked
The first sign of a problem was the simple message, this site is ‘down for maintenance’. This was later replaced by the current message, NVD ‘has experienced an issue with its web services and is currently not available.’ The reality is, NVD got hacked.
Who’s really attacking your ICS Equipment?
State-sponsored malware such as Stuxnet and Flame raised awareness of ICS/SCADA vulnerabilities, and the potential for serious infrastructure damage via them. New research presented today at Blackhat Europe discusses the findings of a honeynet study into ICS attacks.
Printer-related security breaches affect 63% of enterprises
Even though organizations are increasingly aware of the damage that can be done to their reputation and customer trust through the misuse or loss of sensitive data, a new report reveals that only 22% of businesses have implemented secure printing initiatives, indicating a low level of awareness of the efficacy of this attack vector.
Tibetan, Uyghur activists fall victim to MiniDuke malware
Activists for Tibet and China’s Uyghur community are being targeted once again, this time with an Adobe PDF vulnerability using the MiniDuke malware.
Malware attack recovery costs an average of $3,000 per day
Organizations citing cybersecurity costs as an impediment to implementing a layered defense should rethink their priorities: Denial of service (DDoS) and malware infection recovery costs range into the thousands of dollars – per day.
Nevermind Anonymous – organizations are in danger of DOSing themselves
The danger comes from staff bringing both their personal devices and their personal preferences to work – whether that’s listening to the radio, watching the latest episode of their favorite soap during break periods, or browsing YouTube.
CSO role expands to include organization-wide risk management
That information security is really an aspect of organizational risk management is well known in theory, but is now being mirrored in practice. New research demonstrates that CSOs are increasingly adopting a risk-based rather than tick-box approach to security.
France, Skype go tête-à-tête over lawful intercept
Skype is running into a contretemps, as it were, with the French telecom authority over lawful intercept regulations, with some executives possibly facing criminal charges for non-compliance.
Amid banking DDoS attacks, Obama convenes cybersecurity meeting with CEOs
President Barack Obama is shining yet another light on the rising cybersecurity threat in the US, sitting down with more than a dozen CEOs inside the White House Situation Room to discuss how government and the private sector can work together to better protect the nation’s citizens and critical infrastructure.
Celebrities, politicians lose privacy in doxxing attack
A range of political and celebrity targets have been made victims of a cyber-attack known as “doxxing”, by perpetrators using a Russian website.
Australia's central bank admits it was hacked
The Reserve Bank of Australia has admitted that its been an ongoing target for hackers, although the nation's central bank says no data has been lost as a result of the attacks.
VISA sued over PCI fines levied on retail company
In what is believed to be an industry first, Tennessee-based footwear and sports apparel retail chain Genesco is suing Visa over a $13 million dollar fine imposed following a data breach in 2010.
Another Honeywell ICS vulnerability rears its head in building control
A new vulnerability, CVE-2013-0108, has been discovered in Honeywell industrial control systems (ICS), continuing the growing trend of SCADA and building control issues.
