Infosecurity News

  1. The APPS Act – a proposal to protect users’ mobile privacy

    Rep. Hank Johnson, D-Ga, has introduced the bipartisan Application Privacy, Protection and Security (APPS) Act of 2013 (H.R. 1913). Its purpose is to require app developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect.

  2. Indian malware campaign targeting Pakistan uncovered

    A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India and seems primarily to target Pakistan with data-stealing malware.

  3. New Mac malware discovered live on stage

    Proving that not all demonstrations are staged, a previously unknown Mac backdoor was discovered during a live presentation at the Oslo Freedom Forum earlier this week.

  4. DHS: Critical infrastructure threats up 68% in 2012

    Critical infrastructure threats are up significantly according to US officials – a worrying state of affairs that spans a wide range of threat vectors and potential participants.

  5. Did Stuxnet help rather than hinder Iran’s nuclear program?

    Stuxnet is often cited as history’s first true cyber weapon. By common consensus it was developed and used by the US and Israel to successfully disrupt Iran’s nuclear program – but a new report questions its success.

  6. CISO: Chief Infosec Scapegoat Officer

    CISOs are often the first victim following a major security breach. Given the prevalence of such breaches, the average tenure of a CISO is now just 18 months; and this is likely to worsen if corporate security doesn’t improve.

  7. Enhanced and advanced Pushdo botnet is back

    Pushdo, one of the more enduring and resilient botnets, has already survived four takedowns in five years. Now a new variant with new evasion techniques has been detected.

  8. Twitter Uses Automation to Improve Security

    The Twitter product security team are improving the security of their code by adopting more security automation.

  9. LulzSec 'pirates' plead guilty to hacking

    Four LulzSec members who claim to be "latter-day pirates" have pleaded guilty to hacking charges and compromising millions of people's information.

  10. Game-changer: Android malware moves beyond apps

    Android malware authors have officially turned the complexity corner, according to an analysis of mobile malware for the first quarter of 2013. The size and scope of the Android threatscape is evolving, adding new tactics and advanced approaches that extend beyond malicious applications.

  11. Why is Microsoft reading users’ Skype messages?

    Heise Security published a suggestion that Microsoft is reading users’ Skype messages, but Microsoft maintains automated scanning is used to identify suspected spam and phishing links.

  12. More than 13,000 visitors attended Infosecurity Europe 2013

    Infosecurity Europe has released basic figures on last month’s eighteenth annual exhibition and conference: pre-ABC audit figures show a 6% increase in visitors over 2012 to 13,200, with more than 70 new exhibitors.

  13. DDoS-for-hire services turn to mainstream advertising

    DDoS services for hire – so-called “booters” that can be hired to knock, or boot, a website offline – are making their way out of the dark shadow-world of hacker message boards and forums, instead taking payments via PayPal and advertising in mainstream venues like YouTube with handy videos featuring hired actors.

  14. Howard Schmidt Announces SAFECode secure software development training

    At the Security Development Conference in San Francisco, Howard Schmidt, executive director, SAFECode, announced that the not-for-profit organization is tackling software development and engineering security with a set of free online training courses, available via on-demand webcasts and covering a range of issues, from preventing SQL injection to avoiding cross-site request forgery.

  15. Judge allows redacted disclosure of Reddit co-founder's documents

    The US government and MIT/JSTOR had agreed that documents concerning the prosecution of Aaron Swartz could, in part, be made public. The Swartz estate asked for the documents in full. The court has denied the estate and allowed the government and MIT/JSTOR to redact certain information.

  16. Mideast sabotage threats target US energy sector

    A new crop of Mideast-originated cyberattacks is targeting the American energy sector, with the intent of sabotage, not just espionage.

  17. Surveillance software targeted British/Bahraini citizen

    A witness statement filed in the High Court in London claims that Gamma International’s FinFisher (FinSpy) covert surveillance software targeted the computer of a leading Bahraini activist who holds dual British and Bahraini citizenship.

  18. Telecom fraud: a Chinese variant on the Police Trojan explained

    Fraud is big business in China. Last year there were more than 170,000 cases causing losses of more than $12.5 billion. New evidence suggests this might be getting worse with increasingly sophisticated cyber fraud.

  19. Snapchat’s expired snaps are not deleted, just hidden

    Snapchat doesn’t delete expired photos on Android phones – it merely tells the operating system to ignore them. That means they are still available for retrieval with the right forensic software.

  20. Hackers looted $45 million in global ATM heist

    A global gang of hackers managed to siphon off $45 million from ATMs thanks to outdated US credit card technology.
