Infosecurity News
New Google Chrome clickjacking vulnerability rears its head
Beware when looking for help with that new Chromebook: Google Chrome users visiting Google support pages could be vulnerable to a clickjacking technique that could lay bare their e-mail addresses, profile pictures, first and last names, and other information.
Android spambot spreads by offering free games
File under 'if it sounds too good to be true, it probably is': A new Android trojan is spreading rapidly through SMS messages that offer free stuff, like $1,000 Target gift certificates and free games.
Amazon malware targets holiday favorite, Kindle Fire
Gift-wrapped versions of the Kindle Fire e-reader are expected to be fairly widespread underneath Christmas trees this year, but Kaspersky Lab warns consumers to be alert to malware in the Amazon App Store.
State-sponsored malware like Stuxnet will hit private enterprise hard in 2013
Call it collateral damage: Organized cybercriminals and hackers will leverage digital certificate-based attacks to infect enterprise IT systems with state-developed malware such as Flame and Stuxnet – with the nefarious result of impacting business operations worldwide, and opening the door to a flood of data breaches and brand damage reaching far beyond the cyber-war targets the malware was created for.
Sudoku malware teases users
“As the end of the year approaches and things calm down around the office, what better way to while away a few minutes than with a harmless Sudoku?” ask Sophos researchers Peter Szabo and Richard Wang. Apparently, there are plenty of better options: the two have discovered malware disguised as a Microsoft Excel spreadsheet used to generate Sudoku puzzles.
Apocalypse 2012: Hackers booby-trap end-of-world slide show
As anyone knows who spends time watching the History Channel’s H2 network, which has a full slate of apocalypse-focused programming in heavy rotation, Dec. 21, 2012, marks the end of the Mayan Long Count calendar and is the focus of end-of-days devotees worldwide. Always alert to a social engineering opportunity, hackers have, in the spirit of Armageddon, created a booby-trapped PowerPoint presentation entitled, "Will the world end in 2012?"
Let's Solve 2012 Threats Before Worrying about 2013
While some companies are predicting new and esoteric threats for the new year, nCircle says remember the existing threats: they’re alive and kicking and the bad guys won’t abandon them while they still work.
Murder by Internet devices predicted in 2014
Predictions for 2013 are 'more of the same old same old', suggests one security company, but 2014 will bring 'murder by interconnected devices', successful exploitation of military assault systems (drones), infrastructure catastrophes and more.
Cyber-Ark Appoints RSA Exec to its board of directors
Global information security firm Cyber-Ark Software recently announced the appointment of Tom Heiser, president of RSA, The Security Division of EMC, to the company’s board of directors.
Chapro – new Apache malware ultimately delivering Zbot
A newly discovered malicious Apache module injects an iFrame into webpages it serves, sending visitors to a separate server hosting a Sweet Orange exploit pack that currently attempts to deliver Zbot.
2013: Mobile exploit kits, Apple App Store malware, cyberwar top the threatscape
With many of the same cyberthreats expected to play out in 2013 as during 2012 (think government-sponsored attacks, hacktivism and open-source hacks against WordPress, Joomla and Drupal), Websense Security Labs expects some new wrinkles in the threatscape, including mobile exploit kits and sandbox/virtual environment avoidance.
Trojan Upclicker ties malware to the mouse
As if there weren’t enough security concerns to worry about, like falling for social engineering-based scams, following bad links or downloading fake apps, Windows PC users have another activity to be on guard about: left-clicking the mouse.
After Zitmo comes Citmo – Carberp in the mobile
The Eurograbber campaign exposed earlier this month, netting €36 million for the criminals, was a Zeus-in-the-mobile (Zitmo) attack. Late last week, the AV companies started to warn about new Android trojans: Citmo, or Carberp-in-the-mobile.
An introduction to return on security investment – RoSI
The European Network and Information Security Agency (ENISA) has published a paper on the return on security investment (RoSI), addressing the problems inherent in calculating a return on investment for loss prevention rather than profit gain.
Europol takes down major card fraud network
Europol has today announced the arrest of 56 suspected card fraudsters, 38 in Bulgaria, 17 in Italy and one in The Netherlands, in an operation involving 400 police officers coordinated from the Operational Centre at Europol headquarters in The Hague.
Facebook, FBI team up to crack botnet ring
The US Department of Justice and the FBI, along with international law enforcement partners, have arrested 10 individuals suspected of operating an international cybercrime ring that has compromised 11 million computer systems and caused more than $850 million in losses via the Butterfly Botnet. And it had help from an interesting source: Facebook.
Fighting off botnets demands public–private sector partnership
Botnets are a rising tide in the malware ocean, but implementing a set of security best practices can aid organizations in erecting levees against it.
BeyondTrust purchases Windows system management specialist
Access management specialist BeyondTrust, headquartered in Carlsbad, California, has acquired Blackbird Group to bolster its product portfolio.
Mixed bag of attitudes and success with encryption
Almost half of businesses worldwide have started using encryption technology to protect critical data, and encryption is now the fifth most used protection technique, claims a new report.
The cloud is loved, but not trusted
'Do as I say, not as I do' seems to be the attitude toward the cloud held by security professionals – it’s good enough for company data, but not our own data.