Infosecurity News
Report tests browser ability to filter malicious URLs
NSS Labs has published the second of its two analyses on the security capabilities of the four leading browsers. The first report was on the ability of browsers to block malware; this second is on browsers ability to filter malicious URLs.
Crystal ball time: Top 2013 risks include cyber war, cloud and BYOD
As the year draws inexorably to a close, it’s only fair and natural that we, as an industry, peer into the future to see what could await us in the New Year. The latest to tackle such prognostication is the Information Security Forum (ISF), which has ID’d the top five security threats businesses will face in 2013.
91% of APT attacks start with a spear-phishing email...
...and 94% of the emails carry a malicious attachment – usually in ZIP, XLS or RTF format. These are the findings of new research published today.
Critical infrastructure at risk from SCADA vulnerabilities
SCADA software, used for industrial control mechanisms in utilities, airports, nuclear facilities, manufacturing plants and the like, is increasingly a target for hackers looking to exploit what appear to be growing numbers of vulnerabilities – giving rise to fears that critical infrastructure may be at risk.
Yahoo! mail exploit on sale for $700
A new zero-day vulnerability in Yahoo! Mail has given rise to a $700 exploit for sale in the hacking underground.
Europol and ICE seize 132 domain names on Cyber Monday
The US Operation In Our Sights temporarily morphed into Project Cyber Monday 3 – with a European Project Transatlantic offshoot – and netted a combined haul of 132 seized counterfeiting website domains.
High-end Citadel financial malware overtakes Zeus as king
Citadel, which researchers say is essentially the Lamborghini of the financial information-stealing malware scene, is well on its way to overtaking Zeus and SpyEye as the go-to banking trojan after only being discovered earlier this month.
Go Daddy DNS hack spreads ransomware
Go Daddy, the world’s largest internet domain host and registrar, may soon be known for more than those racy Super Bowl ads featuring Danica Patrick: ransomware is being spread across its footprint.
OFCOM suggests ISPs must decide who is a subscriber in relation to 3-strikes
Just as the US voluntary six-strike infringement code is about to begin, the UK’s statutory three-strike regime inches closer with an OFCOM study into piracy and guidance on what constitutes a subscriber.
Greek man arrested over theft of 9 million personal data details
While European eyes are focused on the increasing political unrest in Greece, it has taken US reporters to notice a small detail: a Greek man has been arrested on suspicion of stealing 9 million personal data files.
(ISC)² looks to address security expertise gap with 2013 scholarships
It’s no secret that with the ever-rising tide of cyber threats there comes a need for additional security expertise to adequately combat the scope of attacks. Many IT departments suffer from a human capital resource issue, and it’s not always funding-related.
New Linux rootkit delivering drive-by infections discovered
Eight days ago an ‘anonymous victim’ posted details of a new Linux rootkit to the Full Disclosure mailing list, asking for information. The rootkit was adding an iFrame into HTTP responses returned by the victim’s web server.
Quantum cryptography for all takes a giant leap closer
Toshiba Research Europe, working with the Cambridge University Engineering Lab, has today announced a breakthrough in quantum cryptography; bringing the potential for secure communications for everyone closer to reality.
Problems with the EU’s proposed ‘right to be forgotten’
The EU’s proposed Data Protection Regulation includes a difficult concept known as the ‘right to be forgotten’. It proposes that individuals should be able to remove personal data that they no longer wish to be public – but it is fraught with difficulties. ENISA has produced a report on these difficulties.
INSIDE Secure buys Apple’s left-overs
In July Apple announced its intention to acquire security firm AuthenTec. This deal was completed on 4 October. Yesterday, French security firm INSIDE Secure announced its intention to acquire ESS. ESS is owned by AuthenTec.
The legal implications of botnet disruptions
The best defense against a botnet is to get rid of it – to infiltrate it, to learn all about it, and to take it down. While the takedown is usually done by or with law enforcement and any necessary court orders, the initial infiltration, often by individual security researchers or anti-malware vendors, remains a legally grey area.
Proof-of-concept malware takes over USB smartcards
As if malware weren’t becoming pervasive already, a new proof-of-concept has been developed by a team of researchers that takes over smart cards plugged into an infected computer’s USB port, putting them and all of the information contained on them in the hands of potential cybercriminals.
ENISA and the privacy considerations of online behavioral tracking
With advertisers still claiming that ‘do not track’ will destroy the free internet, and a European Commission proposal for privacy-by-design and by default – enforced by sanctions – ENISA has published ‘a technical perspective on behavioral tracking.’
Opera users urged to check for malware
Browsers come ready-configured with their own start-up home page; but the default Opera home page (portal.opera.com) was compromised with an obfuscated redirect leading to the blackhole exploit kit.
Hacking-as-a-service offers access to Fortune 500 servers for a few bucks
Call it a hacking-as-a-service (HaaS): a group renting network server access for a variety of Fortune 500 companies, including Cisco Systems, is taking advantage of weak passwords to offer logins for cheap. Despite its discovery three weeks ago, the service still appears to be going strong, at last count renting access to nearly 17,000 computers worldwide.
