Infosecurity News

  1. Crystal ball time: Top 2013 risks include cyber war, cloud and BYOD

    As the year draws inexorably to a close, it’s only fair and natural that we, as an industry, peer into the future to see what could await us in the New Year. The latest to tackle such prognostication is the Information Security Forum (ISF), which has ID’d the top five security threats businesses will face in 2013.

  2. 91% of APT attacks start with a spear-phishing email...

    ...and 94% of the emails carry a malicious attachment – usually in ZIP, XLS or RTF format. These are the findings of new research published today.

  3. Critical infrastructure at risk from SCADA vulnerabilities

    SCADA software, used for industrial control mechanisms in utilities, airports, nuclear facilities, manufacturing plants and the like, is increasingly a target for hackers looking to exploit what appear to be growing numbers of vulnerabilities – giving rise to fears that critical infrastructure may be at risk.

  4. Yahoo! mail exploit on sale for $700

    A new zero-day vulnerability in Yahoo! Mail has given rise to a $700 exploit for sale in the hacking underground.

  5. Europol and ICE seize 132 domain names on Cyber Monday

    The US Operation In Our Sights temporarily morphed into Project Cyber Monday 3 – with a European Project Transatlantic offshoot – and netted a combined haul of 132 seized counterfeiting website domains.

  6. High-end Citadel financial malware overtakes Zeus as king

    Citadel, which researchers say is essentially the Lamborghini of the financial information-stealing malware scene, is well on its way to overtaking Zeus and SpyEye as the go-to banking trojan after only being discovered earlier this month.

  7. Go Daddy DNS hack spreads ransomware

    Go Daddy, the world’s largest internet domain host and registrar, may soon be known for more than those racy Super Bowl ads featuring Danica Patrick: ransomware is being spread across its footprint.

  8. OFCOM suggests ISPs must decide who is a subscriber in relation to 3-strikes

    Just as the US voluntary six-strike infringement code is about to begin, the UK’s statutory three-strike regime inches closer with an OFCOM study into piracy and guidance on what constitutes a subscriber.

  9. Greek man arrested over theft of 9 million personal data details

    While European eyes are focused on the increasing political unrest in Greece, it has taken US reporters to notice a small detail: a Greek man has been arrested on suspicion of stealing 9 million personal data files.

  10. (ISC)² looks to address security expertise gap with 2013 scholarships

    It’s no secret that with the ever-rising tide of cyber threats there comes a need for additional security expertise to adequately combat the scope of attacks. Many IT departments suffer from a human capital resource issue, and it’s not always funding-related.

  11. New Linux rootkit delivering drive-by infections discovered

    Eight days ago an ‘anonymous victim’ posted details of a new Linux rootkit to the Full Disclosure mailing list, asking for information. The rootkit was adding an iFrame into HTTP responses returned by the victim’s web server.

  12. Quantum cryptography for all takes a giant leap closer

    Toshiba Research Europe, working with the Cambridge University Engineering Lab, has today announced a breakthrough in quantum cryptography; bringing the potential for secure communications for everyone closer to reality.

  13. Problems with the EU’s proposed ‘right to be forgotten’

    The EU’s proposed Data Protection Regulation includes a difficult concept known as the ‘right to be forgotten’. It proposes that individuals should be able to remove personal data that they no longer wish to be public – but it is fraught with difficulties. ENISA has produced a report on these difficulties.

  14. INSIDE Secure buys Apple’s left-overs

    In July Apple announced its intention to acquire security firm AuthenTec. This deal was completed on 4 October. Yesterday, French security firm INSIDE Secure announced its intention to acquire ESS. ESS is owned by AuthenTec.

  15. The legal implications of botnet disruptions

    The best defense against a botnet is to get rid of it – to infiltrate it, to learn all about it, and to take it down. While the takedown is usually done by or with law enforcement and any necessary court orders, the initial infiltration, often by individual security researchers or anti-malware vendors, remains a legally grey area.

  16. Proof-of-concept malware takes over USB smartcards

    As if malware weren’t becoming pervasive already, a new proof-of-concept has been developed by a team of researchers that takes over smart cards plugged into an infected computer’s USB port, putting them and all of the information contained on them in the hands of potential cybercriminals.

  17. ENISA and the privacy considerations of online behavioral tracking

    With advertisers still claiming that ‘do not track’ will destroy the free internet, and a European Commission proposal for privacy-by-design and by default – enforced by sanctions – ENISA has published ‘a technical perspective on behavioral tracking.’

  18. Opera users urged to check for malware

    Browsers come ready-configured with their own start-up home page; but the default Opera home page (portal.opera.com) was compromised with an obfuscated redirect leading to the blackhole exploit kit.

  19. Hacking-as-a-service offers access to Fortune 500 servers for a few bucks

    Call it a hacking-as-a-service (HaaS): a group renting network server access for a variety of Fortune 500 companies, including Cisco Systems, is taking advantage of weak passwords to offer logins for cheap. Despite its discovery three weeks ago, the service still appears to be going strong, at last count renting access to nearly 17,000 computers worldwide.

  20. Google: government user info requests spike sharply in 2012

    No doubt eagerly awaited by online privacy experts, Google has updated its biennial Transparency Report, revealing that governments around the world made nearly 21,000 requests for access to Google data in the first six months of 2012 – a sharp increase. The most requests came from home, with the US asking for information 7,969 times in the first half of the year.

Why not watch?

  1. Going Beyond Traditional Attack Surface Management with Cyber Threat Intelligence

  2. Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats

  3. Learn Key Strategies for Industrial Data Security

  4. Supply Chain Risk and Mitigation in Operational Technology

What’s hot on Infosecurity Magazine?