Infosecurity News

  1. Foxit fixes PDF reader security vulnerability

    Foxit has released a new version of its PDF viewer, Reader 5.4.5, which fixes a web browser plugin vulnerability that would allow attackers to execute arbitrary code.

  2. Cyber risk is not translating into boardroom discussion

    Responsibility for cyber risk starts and stops with the board, says GCHQ; cyber attack is the most likely technology risk incident says the World Economic Forum; but the board isn’t taking it seriously, suggests Trustwave.

  3. PCI Council announces new board seats, working groups and Asia-Pac event

    The PCI Security Standards Council (PCI SSC) is tapping the payments community to participate in the 2013–2015 Board of Advisors election process, fresh PCI Special Interest Groups (SIG) and the 2013 PCI Community Meetings.

  4. FAKEM RATs disguise their network traffic as legitimate

    While well-known remote access trojans such as Gh0st, PoisonIvy, Hupigon, and DRAT produce network traffic that is easily detectable, a new family of malware dubbed FAKEM seeks to disguise its presence by making the traffic look like a legitimate protocol.

  5. Spam campaign makes offerings to Zeus

    The widespread banking trojan/botnet known as Zeus is continuing to throw its malware-infested thunderbolts at unsuspecting users, this time through a wide-net spam campaign.

  6. Shylock malware dials up Skype

    The banking trojan known as Shylock is calling up more victims, thanks to a new propagation tactic of using Skype. It’s also added a few new features to worsen the infection.

  7. Credit card-stealing malware infests nearly 100 Zaxby's chicken restaurants

    Hackers have already been shown to have a taste for Subway, but they apparently have a hankering for fried chicken too. A new criminal attack has potentially compromised credit card data at almost 100 locations of Zaxby’s, a Southern, chicken-centric restaurant chain in the US.

  8. Red October analysis reveals complex, two-stage attack

    In the wake of the discovery of Red October, a complex, in-depth cyber-espionage campaign going back at least five years, security researchers have published a comprehensive analysis of the breadth and depth of the operation, uncovering a two-pronged attack methodology.

  9. Anonymous Mexico hits defense ministry in support of Zapatistas

    South-of-the-border members of the hacktivist collective Anonymous have claimed responsibility for a cyber attack on the Mexican defense ministry that brought down its website temporarily this week.

  10. FireEye adds six new executives to its leadership team

    California-based cybersecurity specialist FireEye has added six new members to its global leadership team, the firm recently announced.

  11. Adobe patches four exploited ColdFusion flaws

    In its own Microsoft-synchronized Patch Tuesday this month, Adobe merely issued an advisory on four known and exploited flaws in ColdFusion. Yesterday it patched them.

  12. BC healthcare breach affects 5 million Canadians

    Health data for more than five million British Columbians over the course of at least three incidents has been handled improperly by the Ministry of Health in its dealings with university researchers and contractors, violating the regulations for encryption required by law. The BC provincial government plans to notify more than 38,000 individuals of the breaches by letter.

  13. 90% of passwords can be cracked in seconds

    More than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds, according to new research from Deloitte.

  14. Sixty percent will fall to a phishing attack that might herald an APT

    The type of attack known generally as an advanced persistent attack (APT) is typically highly targeted and advanced; that is, it is aimed at one company (or a small group of companies), and will likely use one or more zero-day exploits.

  15. John McAfee turns up in Oregon to work on autobiography

    Anti-virus security pioneer John McAfee has packed up and moved to Oregon, after months of erratic behavior and intrigue in Central America. His goal is to tell his life story through a series of media projects.

  16. Red October cyber-espionage campaign targeted high-level government entities for 5 years

    A high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations across the globe over the course of the last five years, security researchers say.

  17. Websense appoints new CEO

    Unified information security technology vendor Websense has named John McCormack as its new chief executive following the announced retirement of former CEO Gene Hodges.

  18. Reddit co-founder dies from apparent suicide

    Aaron Swartz was found by his girlfriend Taren Stinebrickner-Kauffman hanging by his own belt in their Brooklyn apartment last Friday. On Saturday the New York medical examiner’s office ruled death by suicide.

  19. Fake Google Chrome updates unleash banking trojan

    A ploy targeting consumers with bogus Google Chrome browser updates is spreading Zeus-like banking malware to unsuspecting web surfers.

  20. Global Payments breach cost the company $93.9 million – so far

    Global Payments, which has never been particularly forthcoming over the loss of 1.5 million card details (it could have been more) in 2012 (it could have been earlier) has now disclosed associated costs of $93.9 million – but it will be more.
