Infosecurity News

  1. Many SOHO routers vulnerable

    A Baltimore-based security firm has evaluated thirteen mainstream routers used by consumers and small offices to connect to the internet, and found all of them vulnerable – 11 of them remotely.

  2. LulzSec hacker Kresinger gets a year in prison

    Cody Kresinger, who pleaded guilty in April 2012 to charges of conspiracy and unauthorized impairment of a protected computer – namely, Sony Pictures Entertainment – was yesterday sentenced to one year in prison and 1000 hours community service, and further ordered to pay $605,663 in restitution.

  3. Gozi is back – and worse than ever

    Hopes that the Gozi trojan had suffered a severe setback with the arrest of three gang leaders appear short-lived; Gozi remains and has been integrated into an MBR bootkit making it more dangerous than ever.

  4. Phishing campaign exploits Boston Marathon, Texas Fertilizer tragedies

    A combination phishing/iframe redirect/RedKit Exploit Kit/botnet attack is exploiting recent tragic events in Boston and Waco, Texas. The campaign infects machines with the Zeus and Kelihos bots, which steal financial and personal information, send unsolicited email or hijack the machine for use in distributed denial-of-service (DDoS) attacks.

  5. New security firm established to help combat APTs

    ThreatTrack Security, based in Clearwater, Florida, comprises experienced malware fighters and proven technologies for the analysis, detection and remediation of advanced cyber threats, including advanced persistent threats (APTs)

  6. Recycled phones retain their previous owners’ data

    Too many users are recycling their old phones without realising that data is left behind even after deletion or a factory reset. With employees now using their devices for both business and personal purposes, the result could be the inadvertent loss of confidential information.

  7. DDoS 'fire drill' service urges companies to be prepared

    We learn as children to practice what to do in the event of a disaster (fire, tornado, hurricane, earthquake, nuclear fallout). And when one lives in a high-risk area, preparedness and having plans are drilled into us, just like other societal norms like using a fork at dinner or putting trousers on one leg at a time.

  8. ENISA endorsed with a new 7 year EU mandate

    The European Network and Information Security Agency (ENISA) has received a new mandate from the European Parliament to continue and enhance its work: votes in favor, 626; against, 45; abstentions, 16.

  9. Linode web hosting hack used Adobe ColdFusion zero-day

    Web hosting provider Linode has been hit with a zero-day attack that compromised its database, including credit card numbers, parts of the source code and passwords. In a security notice the company said that it has instigated a full password reset for all accounts in the wake of the hit.

  10. Top Secret: secunet delivers sophisticated IT security solutions

    secunet Security Networks is one of Germany's leading providers of IT security services. Specializing in the protection of classified/sensitive information, the firm works closely with customers to develop and implement high-performance products and state-of-the-art IT security solutions.

  11. Mobile malware gets serious – RATs can bypass sandboxes and encryption

    Mobile remote access trojans are becoming increasingly sophisticated and increasingly successful – new research suggests that 1 in 1000 smartphones have mRATs installed.

  12. ICS-CERT reports two hacks on building management systems

    The latest issue of the ICS-CERT Monitor has described two similar hacks that happened last year where attackers used a weak credentials vulnerability to gain access to buildings’ energy management system (EMS), Tridium Niagara.

  13. Researcher finds five security holes in Linksys home routers

    Last year, independent security researcher Phil Purviance demonstrated a vulnerability in a WRT54GL router that would allow a hacker to design an internet worm that targeted them and turned the routers into a powerful botnet that is able to monitor traffic across all types of networks.

  14. Sourcefire appoints new CEO

    The Maryland-based security firm has named John Becker as its new chief executive

  15. Pincer.A – new Android trojan warning

    A new Android trojan that pretends to be a security feature has been discovered. Once installed, it displays a ‘certificate’ logo, which, if clicked, pops up a message: “Certificate installed successfully! Your device is protected now.”

  16. SpiderOak shares are vulnerable

    A few weeks ago research showed that Amazon’s public buckets can be more public than their owners intended. Now the original researcher shows that Amazon (and Apple’s MobileMe) file storage options are not alone: SpiderOak is also vulnerable.

  17. Darkleech infects 20,000 websites in just a few weeks

    Security researchers have long been aware of the Darkleech threat; but general public awareness is new. It is Apache 2.2.2+ web server malware that infects web pages and seeks to redirect visitors to other sites hosting exploit kits.

  18. US Army has gaping BYOD mobile security holes

    The effects of the bring-your-own-device (BYOD) phenomenon are being felt across the US military, according to a report from the US Inspector General’s office. It found that US military data security is woefully lacking when it comes to device tracking and policy enforcement. Most alarmingly, the military CIO’s office was found to be unaware of more than 14,000 mobile devices in active use across the US Army.

  19. Bitcoin hackers hit Mt. Gox and Instawallet with major attacks

    Bitcoin, the virtual currency employed for various web-related transactions, has been enjoying an epic valuation the last few days, reaching an all-time high of $142 per BTC this week according to trading platform Mt. Gox. That translates into $1 billion in BTC circulation, and the smell of money has apparently attracted hackers to the well: Two separate attacks, aimed at Mt. Gox as well as Instawallet, have caused major Bitcoin service interruptions.

  20. UK think-tank advocates a central hub for police social media intelligence

    Policing is intelligence led. Social media is a prime source of intelligence (SOCMINT – social media intelligence). To maximize the potential in SOCMINT it is suggested that the police should develop a central hub of social media expertise.

Why not watch?

  1. Mastering Australian Privacy Act and Essential Eight While Improving Cybersecurity Posture

  2. How to Manage Your Risks and Protect Your Financial Data

  3. New Cyber Regulations: What it Means for UK and EU Businesses

  4. Identifying Concentration Risk and Securing the Supply Chain

What’s hot on Infosecurity Magazine?