Infosecurity News

  1. Cross-site scripting attacks up 160% in Q4 2012

    Cross-site scripting (XSS) is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of 2012 from the previous three months, a security firm is warning.

  2. Worldwide communications infrastructure faces APTs, bots, DDoS; mobile networks weakest

    Communications service providers and network operators are a potential weak link when it comes to security. Their networks carry every app, connect every mobile device and provide all of us with on-ramps to the internet. In short, we couldn't communicate personally or on a business level without them. So how secure is worldwide communications infrastructure?

  3. From hackers to obituary-readers, identity thieves have many personae

    From dumpster divers to pickpockets, identity thieves come in many varieties. But while identity theft continues to be one of the greatest security issues for consumers (the US Federal Trade Commission estimates that about 15 million Americans fall victim to identity fraud each year), very few consider the source – and therefore vector – of the attacks.

  4. Java security settings can be ignored by malware

    New vulnerabilities and flaws in Java are so common and frequent that it is difficult to keep pace. Less than two weeks ago it was revealed that the Java sandbox could be bypassed; now it is disclosed that the complete security settings can be ignored.

  5. Google plots Pwnium 3 Chrome hacking contest, with $3.14 million on the line

    In a move with perfect timing considering the number of Chromebooks that Google sold over the holidays (hint: a lot), the company has announced its third Pwnium hacking competition, which will have a new focus: the Chrome OS. In all, the browsing behemoth plans to award up to $3.14 million in winnings to those who can produce full exploits.

  6. Advocacy groups mark Data Privacy Day with key announcements

    The year 2012 was a very bad year for data breaches, with more than 240 million records compromised. So, to mark this week’s international Data Privacy Day, the Online Trust Alliance has released its ‘2013 Data Protection and Breach Readiness Guide’ to help organizations prevent and respond to such incidents.

  7. Anatomy of a botnet targeting Facebook users

    PokerAgent, a trojan botnet that infected about 800 computers, mainly in Israel, and stole around 16,000 Facebook credentials during 2011/2012, is analyzed in depth.

  8. Lessons to learn from the Yahoo! hack

    Last month Egyptian hacker ViruS_HimA claimed a hack into a Yahoo server. He provided proof without disclosing any content, and claimed his purpose was to improve security by demonstrating its weakness.

  9. Malwarebiter is fakeAV, warns Malwarebytes

    A product advertising itself as the ‘World’s greatest anti-malware software’ is really fakeAV from a site that delivers Zeus via drive-by downloading, says Malwarebytes; but Norton Safe Web doesn’t know it.

  10. Numerous surveillance cameras may be vulnerable to unauthorized access by hackers

    About 20 security camera solutions are vulnerable to hackers looking to gain remote, unauthorized access to closed-circuit surveillance networks.

  11. Ransomware threat on the increase

    While DDoS and APTs may be the main threat to business, ransomware is increasingly and effectively being targeted against the consumer. A new spike in Trojan.Ransomlock.Y detections has been noted this week.

  12. Google facing legal battle in the UK over Safari cookies

    Today is Data Protection Day in Europe (Data Privacy Day in the US/Canada). It also marks the launch of a new Facebook page, ‘Safari Users Against Google's Secret Tracking.’

  13. Twitter ordered by France to reveal anti-semitic tweeters

    A French court yesterday ruled that Twitter must reveal the identities of users who post racist and anti-Semitic comments following demands from the Union of Jewish Students of France (UEJF).

  14. Senate Democrats introduce 2013 Cybersecurity Act

    After a US presidential election season that saw cybersecurity policy come front and center in debates and as planks in political platforms, the US Senate Committee on Commerce said this week that it is reviving the debate surrounding the passage of a comprehensive cybersecurity bill with a new proposal.

  15. Eastern European CERTs stage massive Virut botnet takedown

    A large Eastern European botnet has been thwarted in Poland and Russia – for now. Local Computer Emergency Response Teams (CERTs) and partners have shut down the Virut threat, which in Poland alone commanded more than 890,000 unique IP addresses.

  16. ICO fines Sony £250,000 for loss of personal data in 2011

    In a monetary penalty notice dated 14 January but announced today, the Information Commissioner’s Office has fined Sony Computer Entertainment Europe Ltd £250,000 for a serious breach of the UK's Data Protection Act.

  17. SCADA password-cracker targets Siemens gear

    SCADA vulnerabilities are once again making their frightening selves known with the revelation that a new password-cracker is specifically targeting industrial control systems.

  18. Cybersecurity faces mostly 'post-PC' threats

    Even as the existing cybersecurity threat landscape becomes more complex, IT departments should be looking to the next wrinkle: cybercriminals have moved beyond the PC, targeting Android, social media and the Mac OS X with new attacks.

  19. New features available for GoAnywhere file transfer services

    Linoma Software, the managed file transfer and data encryption specialist, has announced new clustering and load balancing capabilities for its GoAnywhere Services version 3.1 offering.

  20. Why did WikiLeaks dox Swartz?

    In a brief series of tweets, WikiLeaks seems to have named Aaron Swartz as a WikiLeaks contributor; but the motivation for the move remains unclear.
