Infosecurity News
Fake Google Chrome updates unleash banking trojan
A ploy targeting consumers with bogus Google Chrome browser updates is spreading Zeus-like banking malware to unsuspecting web surfers.
Global Payments breach cost the company $93.9 million – so far
Global Payments, which has never been particularly forthcoming over the loss of 1.5 million card details (it could have been more) in 2012 (it could have been earlier), has now disclosed associated costs of $93.9 million – but it will be more.
99% of mobile malware targets Android
The fact that Android malware is an escalating issue comes as no surprise, but a recent analysis of its sheer 'market share' of the mobile malware universe is noteworthy.
iOS app bait-and-switch scams made harder by Apple
Bait-and-switch is a tried and tested scam used in many forms of retail. In the app world it involves tricking users into believing they are buying something ‘good’ while in reality they are buying something bad.
UK cyber-hygiene in need of a good scrub up
Coinciding with the publication of yesterday’s highly critical Defence Select Committee report on the state of cyber security in the military, Major General Shaw points the finger at the public.
FBI warns of renewed fake American Airlines email attack
The FBI has warned that new malware is making the rounds, embedded within faux emails from American Airlines claiming to send order confirmations.
Virtustream teams up with Vormetric on cloud-based encryption
Cloud-based software firm Virtustream has partnered with enterprise encryption specialist Vormetric to add database encryption and key management to its xStream cloud solution for enterprise compliance requirements.
88% of businesses think they're safe from cyber attack
Overconfidence is apparently endemic when it comes to a sense of cybersecurity: a new study from Deloitte shows that 88% of companies surveyed don’t think they are vulnerable to an external cyber threat, and half don’t have a documented plan in place in the event of one.
Adobe’s patches for January 2013
Adobe has released security updates for Adobe Reader and Adobe Flash Player, and has re-issued its ColdFusion advisory. The Reader update covers 26 vulnerabilities while the Flash update covers a critical vulnerability.
Cisco VoIP phones can be turned into "listening posts"
US security researchers have discovered vulnerabilities in Voice over IP (VoIP) phones from Cisco and other manufacturers that leave them wide open to phone-tapping and remote listening – and have proposed a new defense, dubbed Software Symbiotes.
Romanian hacker sentenced in multimillion-dollar Subway heist
Justice for the $5 Foot-Long continues: In the wake of a multimillion-dollar credit-card hacking effort that targeted Subway sandwich shops in the US, one of its central figures has been sentenced in New Hampshire.
Poor programming, app design bolster data breaches
With data breaches on the rise and the costs stemming from them escalating exponentially, human error is often the culprit. But there’s a deeper issue: poor application design and faulty programming are all too common.
Tyler – an overview, and interview with Anonymous
Tyler is touted as ‘WikiLeaks on steroids.’ The current site (codenametyler.org) is unimpressive – so Infosecurity reached out to Anonymous for an update on its development.
Chinese national pleads guilty to role in $100 million software piracy scheme
Xiang Li yesterday pleaded guilty to two federal charges relating to the sale of ‘cracked’ sophisticated software, sometimes at less than 1/1000th of its retail price. Sentencing is scheduled for May 3.
John McAfee claims Belize is helping terrorists enter the US
Security pioneer John McAfee is back in the headlines with a claim that he organized a shadowy group of personal espionage operatives and marshaled keylogging spyware to collect data on top government officials and other powerful people in his adopted home of Belize. As a result, McAfee said he has evidence that Belize is helping Middle Eastern would-be terrorists enter the US with fake identities.
TURKTRUST: No harm from fake digital certificates
In the wake of the revelation that browser vendors Microsoft, Google and Mozilla have blocked two faulty SSL certificates generated by Turkish Certificate Authority third-party TURKTRUST, the company has responded that there was no attack, fraud or other crime leading up to or arising from the mistake.
Julian Assange taken into custody hoax – just one of many
A report in IndyMedia UK on 4 January 2013 claimed that WikiLeaks founder Julian Assange had been arrested by Scotland Yard officers while visiting a private medical clinic close to the Ecuadorian embassy. It was a hoax.
Microsoft, Mozilla and Google block fake Google digital certificates
A new active attack using phony Google digital certificates accidentally issued by a Turkish certificate authority (CA) known as TURKTRUST is making the rounds, affecting Firefox, Google Chrome and Internet Explorer users.
The lessons of Shamoon and Stuxnet ignored: US ICS still vulnerable in the same way
The ICS-CERT Monthly Monitor for the last quarter of 2012 provides news and alerts for industrial control systems and infrastructure companies – and describes two particular attacks on a power generation facility and an electric utility.
Poor disclosure means poor security standards in Japan
The ‘lack of public disclosure reflects lack of government-wide standards’ warns the Daily Yomiuri. It is, it suggests, symptomatic of a wider malaise in Japan’s attitude towards cyber defense.