Infosecurity News
NullCrew hacks MoD – leaks thousands of plaintext credentials
NullCrew remembered the 5th of November by breaking into mod.co.uk and stealing and dumping more than 3400 email addresses and passwords. While the date of the breach cannot be verified, it does look as if it happened on the Guy Fawkes anniversary.
UK public sector tops £2m in data handling fines
Public sector organizations in the UK are leaking money thanks to a full £2 million in fines that councils, the NHS, police forces and others have seen in response to poor data handling.
Apple releases update for iOS addressing iPhone, iPad critical flaws
Apple has released a new iOS, version 6.0.2, that addresses a handful of vulnerabilities in the system affecting iPhone 3GS and later, the iPod touch fourth generation and later, and the iPad 2 and later devices.
Team GhostShell declares war on Russia – leaks 2.5 million records
Announcing its Project Hellfire back in August, hacking group Team GhostShell warned, “Two more projects are still scheduled for this fall and winter. It's only the beginning.” Now it introduces Project BlackStar with an initial leak of 2.5 million records stolen from Russian organizations.
ASIS revamps POA reference for security professionals
Security professional organization ASIS International has released a new edition of its Protection of Assets (POA) reference series, to dovetail with its 35h certification program anniversary and a stepped-up focus on global collaboration.
Georgia: Russia responsible for Georbot cyber-spy attack
In a testament to the ever-changing nature of state-sponsored cyber-espionage, the governmental Computer Emergency Response Team (CERT) of the Republic of Georgia has published a breakdown of the so-called “Georbot Botnet,” a campaign carried out against the Georgian government using malware that infected machines primarily via hacked news sites.
Megaupload takedown demonstrates the danger of storing data anywhere in the cloud
The Electronic Frontier Foundation (EFF) has warned about US government claims that a Megaupload user lost his property rights by using cloud storage has implications for all data stored by any user or company with any cloud provider, including Amazon’s S3, Google Apps or Apple iCloud.
As the cloud expands, CSA offers guidance for Security as a Service
The Cloud Security Alliance (CSA) has released the Security Information and Event Management (SIEM) guidance report as part of its Security as a Service (SecaaS) Implementation Guidance.
A look at the Russian underground cyber market
“The Russian shadow economy is an economy of scale, one that is service oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says a new report into the cybercriminal Russian underground.
The cyberwar of words and malware between US/Israel and Iran
The cyberwar between the US/Israel and Iran is one of words as well as computer code. It is widely thought that Iranian hackers are behind the recent spate of attacks against US banks, and that the DDoS attack against HSBC was a specific Iranian hacker response to the anti-Islam film, the 'Innocence of Muslims'.
This is a far, far weirder thing than Sony has ever done
Last week it emerged that the William Faulkner estate was suing Sony over the distribution of the Woody Allen movie, ‘Midnight in Paris.’ On the very next day it launched a second suit against Northrop Grumman and the Washington Post.
Hacker Halted: Government Needs to Embrace Bug Bounty Incentive
We have nothing to lose by offering bug bounty rewards, Jeremiah Grossman, Founder and CTO of WhiteHat Security told the audience at Hacker Halted in Miami, 29th October 2012.
Problems at a cyber security conference highlight the difficulties in information sharing
The 12th ICS Cyber Security Conference was held Oct 22-25 at the Old Dominion University's Virginia Modeling Analysis and Simulation Center – but did not quite go to plan...
Anonymous hacks Greek Ministry of Finance
As public demonstrations against austerity measures grow in Greece, and support for far-right organizations such as the Golden Dawn increases, Anonymous hacks into the Ministry of Finance and releases confidential documents just days before the government is due to vote on further cuts.
Hacker Halted: Forget About Securing Devices and Secure the Data
Opening the Hacker Halted conference in Miami, Florida, 29th October 2012, Jav Bavisi, president and CEO of the EC-Council, told the audience that the post-PC era of computing requires a fundamental shift in the security industry’s tactics.
NullCrew continues its hacking spree with a new international operation
NullCrew is a hacking team that bears some similarities to the defunct LulzSec: it has sympathy with Anonymous, but is separate from Anonymous. It does, however, operate with none of the taunting flamboyance that probably led to the downfall of LulzSec.
3.6 million social security numbers and 387,000 card numbers stolen
Taxpayers in South Carolina have been told of a security breach involving the theft of millions of social security numbers and hundreds of thousands of debit and credit card numbers. None of the SSNs were encrypted and 16,000 of the bank cards were similarly unencrypted.
DDoS and SQL injection are the most popular attack subjects
An analysis of conversations in one of the largest known hacker forums – with around 250,000 members – has revealed that SQL-injection and DDoS are the subjects of most interest to up-and-coming wannabe hackers.
The Future of Hacktivism: Why Unemployment Will Increase Hacktivist Activity
Research on the similarities between hacktivist groups like Anonymous and real-world protest groups and the future of hacktivism has been carried out by Czech Technical University in Prague.
Stoke-on-Trent gets £120K fine for second data encryption offense
The ICO has hit the Stoke-on-Trent City Council with a hefty £120,000 fine for failing to use basic encryption on email messages, and for sending a message about a child protection case to the wrong person.
