Infosecurity News
Chrome Vulnerable to Camjacking
Camjacking is clickjacking aimed at taking over the PC’s webcam – and although Adobe fixed the Flash vulnerability that allows it back in 2011, it lives on in the Flash implementations of Chrome and (not verified) IE10.
Google Glass privacy questioned by six countries and the EU
A group led by Canada's privacy commissioner Jennifer Stoddart, and joined by 36 provincial and international colleagues, has invited Google to enter a dialogue with data protection authorities over the privacy issues around Google Glass.
Malware swarming on P2P networks
For all of their benefits when it comes to enabling consumer communication, peer-to-peer networks have been notorious hideouts for pirated content and other things that wish to elude detection. They’re providing cover now for something else: malware.
Manchester City’s Scouting Database Compromised
75% of the UK’s Premier League football clubs and 50% of clubs in the major European leagues use the services of Scout7 for player scouting, recruitment and information management. Manchester City’s private database has been breached.
Big Data causes big problems for security
For enterprises, the ability to detect data breaches within minutes is critical in preventing data loss, yet only 35% of firms stated they have the ability to do this. The culprit? An ever-escalating array of data sources stemming from virtualization, anywhere, anytime work habits and an explosion of end-user devices and applications. In short, organizations around the world are finding themselves unable to harness the power of Big Data for security purposes.
Opt-out porn filters in the UK by the end of the year
UK ISPs will have porn filters operational before the end of 2013, said David Cameron’s ‘pornification’ advisor Claire Perry at a Westminster eForum last week.
Blank media levy extended to smartphones and tablets
The ‘blank media levy’ is effectively a tax on blank media (originally tape cassettes) designed to compensate content creators for illegal copying of copyrighted works. Over the years it was extended to include CDs, DVDs, hard disks – and is now making its first forays into devices that include solid state memory.
Fortune 500 security policies are a mixed bag
A research effort into the security practices of Fortune 500 companies has found that while a majority of the largest US public companies are following the Securities and Exchange Commission (SEC) Guidelines by providing some level of disclosure regarding data breaches, some companies that have had exposures have chosen to remain silent. And, companies may be underestimating certain risks, like state-sponsored cyber-espionage.
Sweden effectively bans government use of Google
An announcement from the Swedish Information Commissioner enjoins Salem Municipality ‘to either remedy the shortcomings of the agreement [to use Google’s cloud services] or to stop using the cloud service.’
Gartner analysts drop the bomb on cyberwar hysteria
In a talk at this week’s Gartner Security and Risk Management Summit near Washington DC, two industry analysts from Gartner examined the hype and reality behind the idea of ‘cyberwar’ – defining what it is, what it is not, and what organizations should do to prepare.
MBR-wiping malware targets German victims
Master boot record wipers have been cropping up lately, most notably in a widespread attack on South Korean media properties. A new MBR-based hack is now targeting German users, who are at risk of having their systems rendered unusable by malware being sent via spam messages.
Worldwide reaction to NSA/PRISM surveillance – an overview
When the NSA's surveillance program was first revealed by Edward Snowden last week, initial reaction was that it was a US issue. But with the realization that the greater part of the world's internet traffic is at some point routed via the US, the worldwide ramifications are becoming better understood and questioned.
KeyBoy backdoor targets attacks to Vietnam, India
Researchers at Rapid7 have uncovered two specific attacks using a new backdoor malware targeting victims in Vietnam and in India. The security company has dubbed the threat KeyBoy after a string present in one of the samples.
Unchecked admin rights a top threat to enterprises
While IT security professionals recognize the threat posed by unwitting employees, many still admit to allowing administrative privileges to go unmanaged, making organizations increasingly vulnerable to malware exploits and unauthorized software, according to a survey by Avecto.
New version of Zbot/Zeus found in the wild
You cannot teach an old dog new tricks, says the old saying. Maybe you can, suggest security researchers after discovering a new self-propagating Zbot variant in the wild.
Pirate Bay founder wanted for Danish hack
Gottfrid Svartholm, one of the original founders of The Pirate Bay and currently awaiting a verdict for the hack of Logica in Sweden, is now wanted for another hack in Denmark: this time on CSC.
The EU’s hacker legislation mirrors the US Computer Fraud and Abuse Act
“This directive,” says rapporteur Monika Hohlmeier, “introduces much-needed common rules for criminal law penalties, and also aims to facilitate joint measures to prevent attacks and foster information exchange among competent authorities.”
Car thieves found using handheld fobs to hack automatic car locks
A mystery technology is allowing car thieves to pop open automatic car locks over the air using a hand-held device – but police have no idea how they’re managing to do it.
Technical Skills Not Important for Future CISOs Declares Forrester
In a session titled ‘Becoming the Future CISO’ at the Forrester Forum for CIO’s in London, England, June 6 2013, Andrew Rose declared the current role of CISO a dying breed.
CESG publishes identity proofing guidelines
Access management is designed to allow only authorized digital identities to gain access to a system. But a digital identity is nothing more than “a collection of attributes that uniquely define a person or organization.” Proofing is the process of ensuring that those attributes belong to the genuine applicant.