Infosecurity News
Krebs outs Flashback author
A year ago Flashback became the most prolific ever Mac virus, infecting an estimated 650,000 Macs. Now researcher and blogger Brian Krebs names the man he believes to have authored the trojan.
Zombie survivalist game, The War Z, taken offline following password hack
Gaming platforms, from the Sony PlayStation Network data heist to a break-in of the Gamingo platform one year ago are sporadic but compelling targets for hackers, thanks to their ability to touch so many users at one time. The latest gaming victim is the online multiplayer game, The War Z, which has been taken offline after the compromise of thousands of user accounts.
Hundreds of Japanese one-click scams found infesting Google Play store
Niche-focused malware is becoming more prevalent as targeted attack vectors continue to pay off in terms of social engineering.
London Underground users can now be hacked at more than 100 Tube stations
The introduction of Virgin Media’s WiFi to the London Underground is a valuable addition to the UK capital’s anywhere, anytime attitude towards work and the internet – access via mobile phones and tablets need no longer be affected simply because the user is 20 metres underground.
Firefox 20: 11 security fixes and improved private browsing
Firefox 20 was released on Tuesday. It includes 3 critical, 4 high, and 4 moderate vulnerability fixes; plus several enhancements including a private browsing mode and improved download manager.
LockLizard extends PDF rights management security to the iOS platform
The London-based digital rights management (DRM) specialist has released its latest Secure PDF Viewer for the iOS mobile operating system
BaneChant trojan hides behind multiple mouse clicks
A backdoor trojan apparently aimed at the governments of the Middle East and Central Asia has been detected, with a notable new ability to evade detection by tying its execution to multiple mouse clicks.
Washington DSHS clients face potential patient data breach
Stolen hardware is once again the culprit behind a potential healthcare breach – this time in Washington state, where a private contractor's laptop containing confidential and personal health information on 652 state Department of Social and Health Services (DSHS) clients was discovered to be stolen.
Men's Health & Miltary-themed emails spread malware
An email campaign spreading malware via links purporting to be either for Men’s Health articles or military-related is spreading quickly, and appear to be coming from Australia or South Korea.
Does ACTA live on in the EC IPRED Directive?
The European Commission has run a public consultation on the enforcement of IPRED – the Intellectual Property Rights Enforcement Directive. The consultation closed on the day before April Fool’s Day – but not everybody is amused.
American Express joins the ranks of US banks attacked by al-Qassam group
On Thursday last week the American Express website went offline for a couple of hours during a DDoS attack by the Izz ad-Din al-Qassam Cyber Fighters in pursuance of their ongoing protest against the Innocence of Muslims video.
Don't forget: Evernote used for malware control
The cloud-based note-taking tool Evernote, with its adorable elephant logo and general user-friendly touchy-feely vibe, seems innocuous enough. However, cybercriminals are giving it a very different character, by hijacking the popular service and using it as a communication and control (C&C) server for malware.
Amazon cloud’s public buckets may be too public
Amazon’s Simple Storage Service (S3) is a popular cloud storage service, used by business to store static files, and by individuals to share them. Storage can be either public or private; but new research suggests that public is possibly more public than intended.
Spamhaus suffers largest DDoS attack in history – entire internet affected
Spamhaus, an IP blacklisting service, has been under a distributed denial-of-service (DDoS) attack for a week. Attack traffic has been rated at up to 300Gbps – three times higher than the previous record, and six times greater than the typical attack recently targeting US banks.
Java vulnerabilities are almost ubiquitous
Java vulnerabilities are seemingly ubiquitous, with vulnerabilities and zero-days nabbing headlines on what seems like a weekly basis. According to an analysis, that perception cleaves fairly close to reality: 94% of endpoints are vulnerable to at least one Java exploit, opening the door for data theft.
The dark side of encryption and social networks: Pedophile Jailed in UK
An internet pedophile has been jailed at the Inner London Crown Court for eight years after using social networks for grooming and encryption to hide his offenses. Because of the encryption, the police can only guess at other crimes.
Trojans, RATs and Slovenian money gang involved in $2.5 million bank fraud
Slovenian Police have detained five citizens in a $2.5 million, highly targeted bank fraud campaign. The criminal group was found to be using 25 money mules to electronically transfer funds out of the accounts of smaller companies.
Identifying individuals through mobile tracking
A new report published in Nature's Scientific Reports section shows how the location data available from mobile devices can be used as a virtual fingerprint to identify individual people regardless of whether the data is 'anonymized'.
Ministry of Justice consultation on compulsory DPA audits for NHS bodies
The UK Ministry of Justice has issued a new consultation paper aimed at NHS data controllers asking for views on whether the ICO should be able to impose a data protection audit on NHS bodies without their consent.
Pirated software carries malware payload that can cost billions
Pirated software may carry an ostensibly small price tag compared to the real thing, but it often also carries something else: ride-along malware that will cost consumers 1.5 billion hours and $22 billion this year in identifying, repairing and recovering from its impact.
