Infosecurity News

  1. 99% of mobile malware targets Android

    The fact that Android malware is an escalating issue comes as no surprise, but a recent analysis of its sheer 'market share' of the mobile malware universe is noteworthy.

  2. iOS app bait-and-switch scams made harder by Apple

    Bait-and-switch is a tried and tested scam used in many forms of retail. In the app world it involves tricking users into believing they are buying something ‘good’ while in reality they are buying something bad.

  3. UK cyber-hygiene in need of a good scrub up

    Coinciding with the publication of yesterday’s highly critical Defence Select Committee report on the state of cyber security in the military, Major General Shaw points the finger at the public.

  4. FBI warns of renewed fake American Airlines email attack

    The FBI has warned that new malware is making the rounds, embedded within faux emails from American Airlines claiming to send order confirmations.

  5. Virtustream teams up with Vormetric on cloud-based encryption

    Cloud-based software firm Virtustream has partnered with enterprise encryption specialist Vormetric to add database encryption and key management to its xStream cloud solution for enterprise compliance requirements.

  6. 88% of businesses think they're safe from cyber attack

    Overconfidence is apparently endemic when it comes to a sense of cybersecurity: a new study from Deloitte shows that 88% of companies surveyed don’t think they are vulnerable to an external cyber threat, and half don’t have a documented plan in place in the event of one.

  7. Adobe’s patches for January 2013

    Adobe has released security updates for Adobe Reader and Adobe Flash Player, and has re-issued its ColdFusion advisory. The Reader update covers 26 vulnerabilities while the Flash update covers a critical vulnerability.

  8. Cisco VoIP phones can be turned into "listening posts"

    US security researchers have discovered vulnerabilities in Voice over IP (VoIP) phones from Cisco and other manufacturers that leave them wide open to phone-tapping and remote listening – and have proposed a new defense, dubbed Software Symbiotes.

  9. Romanian hacker sentenced in multimillion-dollar Subway heist

    Justice for the $5 Foot-Long continues: In the wake of a multimillion-dollar credit-card hacking effort that targeted Subway sandwich shops in the US, one of its central figures has been sentenced in New Hampshire.

  10. Poor programming, app design bolster data breaches

    With data breaches on the rise and the costs stemming from them escalating exponentially, human error is often the culprit. But there’s a deeper issue: poor application design and faulty programming are all too common.

  11. Tyler – an overview, and interview with Anonymous

    Tyler is touted as ‘WikiLeaks on steroids.’ The current site (codenametyler.org) is unimpressive – so Infosecurity reached out to Anonymous for an update on its development.

  12. Chinese national pleads guilty to role in $100 million software piracy scheme

    Xiang Li yesterday pleaded guilty to two federal charges relating to the sale of ‘cracked’ sophisticated software sometimes at less than 1/1000th of its retail price. Sentencing is scheduled for May 3.

  13. John McAfee claims Belize is helping terrorists enter the US

    Security pioneer John McAfee is back in the headlines with a claim that he organized a shadowy group of personal espionage operatives and marshaled keylogging spyware to collect data on top government officials and other powerful people in his adopted home of Belize. As a result, McAfee said he has evidence that Belize is helping Middle Eastern would-be terrorists enter the US with fake identities.

  14. TURKTRUST: No harm from fake digital certificates

    In the wake of the revelation that browser vendors Microsoft, Google and Mozilla have blocked two faulty SSL certificates generated by Turkish Certificate Authority third-party TURKTRUST, the company has responded that there was no attack, fraud or other crime leading up to or arising from the mistake.

  15. Julian Assange taken into custody hoax – just one of many

    A report in IndyMedia UK on 4 January 2013 claimed that WikiLeaks founder Julian Assange had been arrested by Scotland Yard officers while visiting a private medical clinic close to the Ecuadorian embassy. It was a hoax.

  16. Microsoft, Mozilla and Google block fake Google digital certificates

    A new active attack using phony Google digital certificates accidentally issued by a Turkish certificate authority (CA) known as TURKTRUST is making the rounds, affecting Firefox, Google Chrome and Internet Explorer users.

  17. The lessons of Shamoon and Stuxnet ignored: US ICS still vulnerable in the same way

    The ICS-CERT Monthly Monitor for the last quarter of 2012 provides news and alerts for industrial control systems and infrastructure companies – and describes two particular attacks on a power generation facility and an electric utility.

  18. Poor disclosure means poor security standards in Japan

    The ‘lack of public disclosure reflects lack of government-wide standards’ warns the Daily Yomiuri. It is, it suggests, symptomatic of a wider malaise in Japan’s attitude towards cyber defense.

  19. Dissection of 'itsoknoproblembro', the DDoS tool that shook the banking world

    Last autumn the US banking world was shaken by sustained, heavy and effective DDoS attacks that peaked at 70 Gbps – a traffic load capable of overwhelming the majority of network infrastructures. More of the same is expected in 2013.

  20. New Google Chrome clickjacking vulnerability rears its head

    Beware when looking for help with that new Chromebook: Google Chrome users visiting Google support pages could be vulnerable to a clickjacking technique that could lay bare their e-mail addresses, profile pictures, first and last names, and other information.
