Infosecurity News

  1. Kuluoz-loaded spam shines in April

    As April draws to a close, its predominant malware distribution trend lies in the proliferation of spam email purporting to link to an invoice, receipt, airline ticket or other confirmation document for a large purchase. The initial payload of this campaign has been a malware trojan called Kuluoz, which uses an icon that resembles a Microsoft Office application document.

  2. Malicious Apache server and Blackhole provide stealthy backdoor

    A modified version of an Apache web server is redirecting requests to the infamous Blackhole exploit kit. Researchers have unmasked a new bug being served up, dubbed Linux/Cdorked.A, as a sophisticated and stealthy backdoor meant to drive traffic to malicious websites.

  3. Fraud-as-a-service takes to Facebook to market financial crimeware

    Fraud-as-a-service (FaaS) offerings have been knocking around since the release of the first commercial banking trojan, Zeus, in 2007, largely offered through postings in the shadowy world of underground hacking forums. Lately, though, FaaS operators are turning to a new marketing platform: Facebook.

  4. Smart meters – benefit or information security threat?

    Smart meters are being ‘sold’ to the public as a benefit to the householder, leading to better electricity management, lower emissions, easier switching and an electronic connected home. But there are also growing concerns about the privacy and security issues they bring with them.

  5. Asian RATs dominate the malware landscape

    The malware epidemic has gone global, with 184 nations housing communication hubs and command-and-control (CnC) servers, new research has found. Of that, Asia and Eastern Europe account for the majority of activity.

  6. Serial killers: More than 100K hackable ports are still out there

    Remember serial ports? Those 9-pin connections used to hook up a mouse or keyboard to a desktop computer? The world may have gone gaga for USB ports, laptops and tablets, but these relics from the pre-portable computing era are still knocking around enterprises.

  7. New Google Play policy to thwart bait and switch malware on Android

    Google has changed its Play Store policy to make bait and switch malware tactics more difficult – an app that is downloaded via the Google Play mechanism must now also be updated via the Google Play mechanism.

  8. Flaw in Apple’s Safari browser

    Safari, the world’s fourth most popular browser, contains a universal cross-site scripting bug that could be exploited to steal cookies, passwords or files, perform cross-site request forgeries (CSRF) or install viruses via malicious Javascript.

  9. Iceland, Wikileaks and The Pirate Bay

    Tiny Iceland has a history of facing down larger adversaries (in 1976 it ‘won’ the Cod Wars against the UK; in 2011 it sent US agents packing for not obeying protocol). But now it will face renewed scrutiny from two of the world’s most powerful agencies: the FBI and the Rightsholders.

  10. Privileged account compromise behind 100% of recent large-scale APT attacks

    Privileged accounts with insufficient security is a prime vector for targeted cyber-attacks, leading to theft, misuse and exploitation, and their compromise is becoming a key tactic in each phase of an advanced persistent threat (APT) attack cycle.

  11. Infosecurity Europe 2013: Infosec can no longer hinder business objectives

    CISOs need to change their approach if they are to make their voice heard

  12. Verizon: Financial malware, state-sponsored hacking dominated 2012 data breaches

    Large-scale financial cybercrime and state-affiliated espionage dominated the security landscape in 2012, taking top (dis)honors for being behind the most breaches during the year.

  13. Infosecurity Europe 2013: Analysts scan the threat horizon

    Hacktivism and espionage are poised for growth, but cyberthreats will continue to follow the money.

  14. Infosecurity Europe 2013: Small firms in cybercriminals' sights

    More small firms are the victims of cyber attacks, and the cost of breaches is rising across the board, according to a PwC-BIS survey.

  15. IPS needs to become more aware of advanced evasion techniques

    Advanced evasion techniques (AETs) rarely receive the full publicity they deserve – possibly because it is a term originally coined by one manufacturer (Stonesoft) to describe how attackers defeat other security manufacturers.

  16. Infosecurity Europe 2013: Minister puts infosecurity at heart of UK growth strategy

    Chloe Smith, Minister for Political and Constitutional Reform, opens Infosecurity Europe 2013

  17. Twitter for news and malware: threats spreading through malicious tweets

    With 288 million active users, Twitter has proven itself over and over to be a fantastic tool for spreading information and acting as a news source, especially in times of crisis.

  18. Fresh Operation Beebus attack targets military drone technology

    Attack on the drones? A dozen organizations in aerospace, defense, telecom and government agencies located in the US and India are the target of an Operation Beebus campaign that goes back to at least as early as December of 2011.

  19. BAE Systems Detica Promotes Need for Security Data Analytics

    It has to be accepted that in some areas security simply isn’t working – or at least it’s not working well enough. Time and again it’s discovered that a major breach has occurred, followed by a subsequent revelation that the attackers have been on the network for months or even years.

  20. BadNews Android malware pushes fraud schemes

    A new mobile malware family, the appropriately named BadNews, has been found in 32 apps across four different developer accounts in Google Play. It masquerades as an advertising network, but in actuality pushes fraud-oriented malware and other “monetization” bugs.

Why not watch?

  1. Alert Fatigue: What Are You and Your Security Teams Missing?

  2. New Cyber Regulations: What it Means for UK and EU Businesses

  3. Identifying Concentration Risk and Securing the Supply Chain

  4. How to Manage Your Risks and Protect Your Financial Data

What’s hot on Infosecurity Magazine?