Infosecurity News
EXPIRO File Infector Variant Presents Unusual Threat Combo
A file infector malware recently discovered in the wild is exhibiting what security researchers are calling unusual characteristics stemming from an unexpected combination of threat techniques.
Goofing off at Work Can Lead to Malware Infections and Data Breaches
Surveys show that employees spend up to 30% of their working hours on private affairs. And all of those non-productive hours could translate to not just lost output, but actual negative equity in the form of malware attacks and hacking incidents.
Half-Life 3 Confirmed!
Half-Life is a popular game developed by Valve and available on the Steam gaming platform. Enthusiasts of Half-Life 2 have been waiting years for the next installment; long wanted but never delivered. Despite the 'confirmation', it still isn't.
Governments are Big Buyers of Zero-Day Flaws
The extent and sophistication of the market for zero-day vulnerabilities is becoming better understood. It appears that governments – especially the US, UK, Israel, Russia, India and Brazil – are among the biggest customers.
ICO Fines NHS Surrey £200,000
The UK's Information Commissioner has fined NHS Surrey £200,000 for not ensuring that patient data was completely removed from recycled PCs. Some of those PCs ended up on an online auction site.
Post-PRISM, Feds Have Been ‘Disinvited’ to Def Con Hacker Gathering
As the annual Def Con event prepares to launch in Las Vegas on August 1, 15,000 hackers are planning to descend onto the hot desert landscape. Organizers have however warned federal agents, government security staffers and law enforcement agents that their particular presence is not required.
Retina Scans? Yes Please! Just Not for Passwords or PINs
Cue the Mission Impossible theme: Europeans (especially the French) really like the idea of biometrics – ultraviolet fingerprint authentication, vein topography scans and the like – when it comes to slipping into secure corridors and preventing international criminals from moving across borders. But when it comes time to use them for ho-hum applications like password replacement? Not so much...
35,000 Unauthorized Logins at Konami Video Games Company
Konami Digital Entertainment announced on Wednesday that it had experienced 35,252 unauthorized logins (out of 3,945,927 attempts). This occurred within days of a similar experience at Nintendo.
Attackers Using Dropbox and Wordpress to Target, Disguise and Distribute
Trusted and popular cloud services Dropbox and Wordpress are being incorporated into sophisticated, targeted APT-style attacks by the same Chinese group thought to be behind the New York Times compromise late last year.
Hitachi ID Systems releases updated ID management offering
The Canada-based ID management specialist has unveiled a new release for its ID Management Suite, with additional features. The firm has also inked a deal with one of Europe’s leading telecommunications providers.
Morningstar Provides (some) Information About Breach
Morningstar Inc, an investment research firm, has disclosed a breach that compromised 2300 credit card details and possibly 182,000 user names and passwords; but the company has provided little additional information.
EMC's RSA Division Acquires the Aveksa IAM Company
Authentication lies at the heart of security -- ensuring that only authorized users can access relevant data is the basis of keeping data safe and companies compliant. This is the role of identity and access management (IAM) systems. But in recent years it has become increasingly difficult.
Attack on South Korean targets part of a larger cyber-espionage campaign
The March 20 cyber-attack on South Korean financial services and media firms, known as Dark Seoul, was thought to be significant not only for the high-profile nature of the targets but also for the use of a Master Boot Record (MBR) wiping functionality that erased the hard drives of infected PCs.
Patch Tuesday preview: July 2013
Microsoft will issue seven security bulletins in this month's Patch Tuesday tomorrow. Six are marked critical and one is marked important, heralding a busy period for both desktop and server admins.
99% of Android Devices Vulnerable to App Modification
A stealth start-up founded last year has discovered and described a vulnerability that it claims affects 99% of all Android devices – in fact every device sold since Android 1.6 (Donut); that is, nearly 900 million devices.
The European Parliament has voted in favor of a new directive on cybercrime
By a vote of 541 to 91, with 9 abstentions, EC proposals for a directive on stiffer penalties across Europe for cybercriminals have been adopted by the European Parliament. Denmark has chosen to opt out of the directive, preferring to maintain its own system.
Darkleech now delivering ransomware
Darkleech compromises the Apache web servers that deliver a large part of the internet. It fetches an instance of the Blackhole exploit kit, which delivers the Nymaim ransomware. $300 to get your computer back.
Ubisoft, maker of Assassin's Creed and Ghost Recon, breached
Ubisoft, the French game company that asked Kaspersky Lab to make sure hacking in its upcoming Watch Dogs game looks real, got hacked for real with names, emails and passwords stolen.
CEOP's annual report on the threat of child abuse
The UK's Child Exploitation and Online Protection Centre (CEOP) has published the second of its annual Threat Assessment of Child Sexual Exploitation and Abuse reports.
MI5 and GCHQ: Britain facing 70 advanced cyber attacks per month
The UK’s MI5 and the Government Communications Headquarters (GCHQ) have revealed that according to their information-gathering activities, Britain faces around 70 sophisticated cyber-espionage operations per month against its government and industry networks.
