Infosecurity News
Joint Microsoft/Symantec operation takes down Bamital botnet
Bamital is a click-fraud and search hijack operation that is estimated to have earned its operators around $1 million annually. Microsoft and Symantec have now identified and shut down all known components of the botnet.
Tridium vulnerability throws building controls wide open to hackers
Imagine if hackers were able to remotely control electronic door locks, alarms, lights, elevators, heating and thermostat systems, and other physical industrial facilities? Well it turns out that, thanks to a critical vulnerability in Honeywell industrial control systems, they can.
Juniper Networks acquires Accumuli’s Webscreen DDoS mitigation technology
The agreement, effective from February 4, 2013, gives the US networking giant the Webscreen technology plus some assets, while providing Accumuli with $10 million to invest in its core services.
ForeScout and AirWatch team up on enterprise-based BYOD solutions
Two vendors specializing in enterprise-based mobile security recently announced a partnership that will integrate their technologies for BYOD deployments
Malware monetization settles into four main vectors
When it comes to malware, threats are coalescing into four typical methods that cybercriminals are using today to extract money from their victims, according to Fortinet Labs. The research also showed increasing activity in mobile malware variants of the Android Plankton ad kit, as well as in hacktivist web server vulnerability scanning.
Visa to support generic EMV to bolster US smart card adoption
Card processing giant Visa is embracing the idea of a common US debit security approach by agreeing to partially open up the kimono on the technology behind its Europay MasterCard Visa (EMV) chip card – hoping to facilitate EMV adoption in the process.
Chinese ties suspected in APT targeting aerospace and defense industries
An advanced persistent threat (APT) specifically targeting the aerospace and defense industries has been uncovered, with likely ties to Chinese hackers, security researchers say.
DroidCleaner: Android malware that infects PCs
DroidCleaner, an Android app that claims to free up smartphone memory but actually infects connected PCs, has been removed from Google Play but is still available from third-party app stores.
Iceland expelled FBI agents seeking to question a WikiLeaks volunteer
On Friday, Iceland’s interior minister revealed that two years ago he expelled FBI agents who had arrived unannounced in Iceland to interview an unidentified WikiLeaks associate in August 2011, and had instructed the police not to cooperate with the FBI.
Twitter hacked – 250,000 user details may have been lost
Late on Friday afternoon Twitter announced that it had been breached and that attackers may have had access to usernames, email addresses, session tokens and encrypted/salted versions of passwords for approximately 250,000 users.
Red October cyber-espionage campaign used highly sophisticated infiltration techniques
Red October (Rocra), the high-level cyber-espionage campaign that successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations worldwide, has a more shadowy persona than the typical APT, security researchers said.
Google submits anti-trust proposals to EU
Google has submitted anti-trust proposals to the European Union anti-trust regulator to stave off action that could potentially lead to a $4 billion fine.
ISACA launches security audit programs for BYOD, data privacy and outsourcing
Getting in on the triple zeitgeist of IT consumerization and the bring-your-own-device (BYOD) phenomenon, data privacy, and how to stay secure while taking on business partners, ISACA has developed three fresh IT audit/assurance programs for each subject area.
Identity and access management in the cloud
The growing prevalence of shadow IT caused by BYOD and remote working is making an existing security problem much worse: how do you protect an increasing number of passwords used for an increasing number of cloud applications?
NY Times points blame for 4-month hack at Chinese government
In a development that appears to be as politically motivated as the kidnapping of embedded investigative journalists in the Middle East, the New York Times said that it has uncovered a four-month-long hacking effort on the part of Chinese hackers.
Financial skulduggery and email hackery
Buried in all the financial reporting on the battle for control of Indonesian coal mining company Bumi is the small matter of whistleblowing and email hacking.
Cross-site scripting attacks up 160% in Q4 2012
Cross-site scripting (XSS) is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of 2012 from the previous three months, a security firm is warning.
Worldwide communications infrastructure faces APTs, bots, DDoS; mobile networks weakest
Communications service providers and network operators are a potential weak link when it comes to security. Their networks carry every app, connect every mobile device and provide all of us with on-ramps to the internet. In short, we couldn't communicate personally or on a business level with out them. So how secure is worldwide communications infrastructure?
From hackers to obituary-readers, identity theives have many personae
From dumpster divers to pickpockets, identity thieves come in many varieties. But while identity theft continues to be one of the greatest security issues for consumers (the US Federal Trade Commission estimates that about 15 million Americans fall victim to identity fraud each year), very few consider the source – and therefore vector – of the attacks.
Java security settings can be ignored by malware
New vulnerabilities and flaws in Java are so common and frequent that it is difficult to keep pace. Less than two weeks ago it was revealed that the Java sandbox could be bypassed; now it is disclosed that the complete security settings can be ignored.
