Infosecurity News
Advanced vSkimmer botnet targets card payment terminals
The next evolution of credit card payment details extraction has hit Russian underground hacking forums in the form of the vSkimmer malware, a botnet that directly targets card payment terminals running Windows.
Anonymous claims Mossad hack; experts not convinced
This weekend saw the release of around 35,000 names and other details, allegedly including Mossad agents, stolen by Anonymous, following a warning that OpIsrael phase 2 – designed to ‘erase’ Israel from the internet – would commence on 7 April.
Details of the latest Sykipot exploits revealed
Sykipot malware, often tied to a Chinese origin, has been used extensively over the last few years to target primarily US defense organizations. Now the latest zero-day exploits used by the gang have been revealed.
Seoul cautious in blaming North Korea for massive cyberattack
South Korea, the globe’s most-wired country and one of its biggest tech hubs, has been hit with a wave of attacks on major media and banks, freezing networks and broadcast infrastructure and rendering a swath of ATMs, mobile banking, websites and payment kiosks unusable.
Privacy rules for the Police National Database protected sex offender Jimmy Savile
A critical review of the case of Jimmy Savile, who now posthumously has hundreds of sexual abuse allegations against him, suggests that his celebrity status and police privacy rules combined to protect him for decades.
Scam warning: Facebook Black is back
The opportunity to change from Facebook blue to a different color is not a new scam, but there’s a new one doing the rounds right now: “I Totally Just Added The Brand New Facebook Black.”
Carna botnet – an interesting, amoral and illegal internet census
It started from a joke – we should try root:root to log on to random IP addresses. But it evolved from that into a botnet of port scanners able to port scan the entire IPv4 internet in very short order: a complete IPv4 internet census.
NATO lays out cyber-war rules of engagement
A new handbook created for NATO has set out 95 black-letter rules of cyber warfare that, among other recommendations, state that governments should refrain from launching attacks on civilians, hospitals, nuclear power stations, dams and dykes.
Pinkie Pie slices out $40K reward at Google Pwnium 3 hacking contest
Earlier this month at the CanSecWest security conference, Google’s Chrome team took part in the Pwn2Own hacking contest and hosted its own, the third iteration of its Pwnium competition. While there weren’t any “winning” entries at Pwnium – i.e., no full exploits against the browser were developed – Google did pay out a partial reward to the teen hacker who appears to be making Chrome a bit of a specialty.
Sophisticated Rating System for Cyber Attacks Proposed
It has long been suggested that ‘advanced’ is a misnomer in the majority of APTs; and that ‘sophisticated’ has lost its meaning. Is it time for an objective attack rating to eliminate emotive, subjective and misleading threat terminology?
Still NotCompatible: Android trojan takes fresh tack with spear-phishing
An old Android malware threat is targeting mobile devices in a new way: the NotCompatible mobile trojan is now using email spam to dupe people into clicking an initiating link.
Has HTTPS been broken?
In practical terms for the average user, probably not yet; but in the absolute terms of crypto-theory, probably yes – again. The difference is that security professionals measure security in the relative terms of risk analysis, while cryptographers take a binary view to cryptography: it is or it is not broken.
Removing administrator rights is no solution against drive-by attacks
When Windows 7 was released, Gartner recommended that migration from XP be used as a catalyst for removing administrator rights from as many users as possible, which it said is ‘the single most important way to improve endpoint security.’
Credit reporting one key to celebrity doxxing affair
In the wake of the high-profile celebrity and politician doxxing campaign last week, in which private information about dozens of celebs from Michelle Obama to Kim Kardashian was posted online, more information about the provenance of the information has come to light.
NIST’s National Vulnerability Database vulnerable and hacked
The first sign of a problem was the simple message, this site is ‘down for maintenance’. This was later replaced by the current message, NVD ‘has experienced an issue with its web services and is currently not available.’ The reality is, NVD got hacked.
Who’s really attacking your ICS Equipment?
State-sponsored malware such as Stuxnet and Flame raised awareness of ICS/SCADA vulnerabilities, and the potential for serious infrastructure damage via them. New research presented today at Blackhat Europe discusses the findings of a honeynet study into ICS attacks.
Printer-related security breaches affect 63% of enterprises
Even though organizations are increasingly aware of the damage that can be done to their reputation and customer trust through the misuse or loss of sensitive data, a new report reveals that only 22% of businesses have implemented secure printing initiatives, indicating a low level of awareness of the efficacy of this attack vector.
Tibetan, Uyghur activists fall victim to MiniDuke malware
Activists for Tibet and China’s Uyghur community are being targeted once again, this time with an Adobe PDF vulnerability using the MiniDuke malware.
Malware attack recovery costs an average of $3,000 per day
Organizations citing cybersecurity costs as an impediment to implementing a layered defense should rethink their priorities: Denial of service (DDoS) and malware infection recovery costs range into the thousands of dollars – per day.
Nevermind Anonymous – organizations are in danger of DOSing themselves
The danger comes from staff bringing both their personal devices and their personal preferences to work – whether that’s listening to the radio, watching the latest episode of their favorite soap during break periods, or browsing YouTube.