Infosecurity News
Mega’s security put under the microscope; and Mega responds
Following the razzmatazz at the launch of Dotcom’s new secure Mega file storage service over the weekend comes the expected analysis and criticism of its security. There are two primary areas of focus – the RSA key generation and an apparent deduplication process.
Red Dot – a new exploit kit for hire
A new exploit kit dubbed Red Dot is being offered for hire on the internet underground at $700 for 6 months, or $1200 for a full year (although the vendor retains ‘the right to change the price of the product at any time’).
Canadian student threatened, expelled and then hired
The solution to bad publicity is to own it, not inflate it. That’s what SkyTech has done with the Canadian student who found flaws in its software: first he was threatened and expelled, but now he’s been offered a scholarship and part-time job.
Foxit fixes PDF reader security vulnerability
Foxit has released a new version of its PDF viewer, Reader 5.4.5, which fixes a web browser plugin vulnerability that would allow attackers to execute arbitrary code.
Cyber risk is not translating into boardroom discussion
Responsibility for cyber risk starts and stops with the board, says GCHQ; cyber attack is the most likely technology risk incident says the World Economic Forum; but the board isn’t taking it seriously, suggests Trustwave.
PCI Council announces new board seats, working groups and Asia-Pac event
The PCI Security Standards Council (PCI SSC) is tapping the payments community to participate in the 2013–2015 Board of Advisors election process, fresh PCI Special Interest Groups (SIG) and the 2013 PCI Community Meetings.
FAKEM RATs disguise their network traffic as legitimate
While well known remote access trojans such as Gh0st, PoisonIvy, Hupigon, and DRAT produce network traffic that is easily detectable, a new family of malware dubbed FAKEM seeks to disguise its presence by making the traffic look like a legitimate protocol.
Spam campaign makes offerings to Zeus
The widespread banking trojan/botnet known as Zeus is continuing to throw its malware-infested thunderbolts at unsuspecting users, this time through a wide-net spam campaign.
Shylock malware dials up Skype
The banking trojan known as Shylock is calling up more victims, thanks to a new propagation tactic of using Skype. It’s also added a few new features to worsen the infection.
Credit card-stealing malware infests nearly 100 Zaxby's chicken restaurants
Hackers have already been shown to have a taste for Subway, but they apparently have a hankering for fried chicken too. A new criminal attack has potentially compromised credit card data at almost 100 locations of Zaxby’s, a Southern, chicken-centric restaurant chain in the US.
Red October analysis reveals complex, two-stage attack
In the wake of the discovery of Red October, a complex, in-depth cyber-espionage campaign going back at least five years, security researchers have published a comprehensive analysis of the breadth and depth of the operation, uncovering a two-pronged attack methodology.
Anonymous Mexico hits defense ministry in support of Zapatistas
South-of-the-border members of the hacktivist collective Anonymous have claimed responsibility for a cyber attack on the Mexican defense ministry that brought down its website temporarily this week.
FireEye adds six new executives to its leadership team
California-based cybersecurity specialist FireEye has added six new members to its global leadership team, the firm recently announced
Adobe patches four exploited ColdFusion flaws
In its own Microsoft-synchronized Patch Tuesday this month, Adobe merely issued an advisory on four known and exploited flaws in ColdFusion. Yesterday it patched them.
BC healthcare breach affects 5 million Canadians
Health data for more than five million British Columbians over the course of at least three incidents has been handled improperly by the Ministry of Health in its dealings with university researchers and contractors, violating the regulations for encryption required by law. The BC provincial government plans to notify more than 38,000 individuals of the breaches by letter.
90% of passwords can be cracked in seconds
More than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds, according to new research from Deloitte.
Sixty percent will fall to a phishing attack that might herald an APT
The type of attack known generally as an advanced persistent attack (APT) is typically highly targeted and advanced; that is, it is aimed at one company (or a small group of companies), and will likely use one or more zero-day exploits.
John McAfee turns up in Oregon to work on autobiography
Anti-virus security pioneer John McAfee has packed up and moved to Oregon, after months of erratic behavior and intrigue in Central America. His goal is to tell his life story through a series of media projects.
Red October cyber-espionage campaign targeted high-level government entities for 5 years
A high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations across the globe over the course of the last five years, security researchers say.
Websense appoints new CEO
Unified information security technology vendor Websense has named John McCormack as its new chief executive following the announced retirement of former CEO Gene Hodges