Infosecurity News

  1. Google: government user info requests spike sharply in 2012

    No doubt eagerly awaited by online privacy experts, Google has updated its biennial Transparency Report, revealing that governments around the world made nearly 21,000 requests for access to Google data in the first six months of 2012 – a sharp increase. The most requests came from home, with the US asking for information 7,969 times in the first half of the year.

  2. Adobe shuts Connectusers.com following data breach

    On Tuesday a hacker calling himself ViruS_HimA and claiming to be Egyptian announced that he had hacked an Adobe server and dumped over 150,000 emails. Associated passwords were also leaked.

  3. NASA laptop with unencrypted data stolen from vehicle

    “On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee's locked vehicle,” says a 13 November email to all NASA employees. It warns that the laptop contains unencrypted personally identifiable information “for a large number of NASA employees.”

  4. Skype account hijacking vulnerability required only an email address

    Shining a major spotlight on the importance of privacy, Skype has addressed a major vulnerability that allowed hackers to take over any Skype account, armed only with the user’s e-mail address. The flaw was being actively exploited in the wild for three months before Skype owner Microsoft fixed it today, security researchers uncovered.

  5. Online fraud rings on the rise; 10K in US alone

    While global cybersecurity attention tends to be placed on headline-grabbing exploits by hacktivists and cyber-espionage activities, there is a much less high-profile but no less dangerous threat festering: Online fraud rings, bent on identity theft.

  6. Staff of European Commissioner for the Digital Agenda hacked

    Further light on the hack of Neelie Kroes’ members of staff while attending an Internet Governance Forum (IGF) conference in Azerbaijan has emerged: Laptops that used a Baku hotel's unsecured WiFi were affected.

  7. ISACA tackles biometrics, cybersecurity with latest IT audit programs

    To help IT auditors stay up to date with the latest organizational requirements, ISACA has published three new customizable IT audit/assurance programs. They cover cybercrime detection and prevention, the use of biometrics, e-commerce security, and the implementation of virtual private networks (VPNs).

  8. Financial trading security should take a 'nuclear' approach

    Cyber-trading and financial security systems can take a page from the nuclear industry, according to a new report from Foresight. While the report does not make policy recommendations, it defines fundamental questions that the authors believe should be addressed on systemic risk, protection systems and computer assurance.

  9. World of Warcraft maker hit with lawsuit over data breach, authentication

    World of Warcraft creator, Blizzard, has been slapped with a class-action lawsuit initiated by two gamers who feel that the company's security policies are geared to be for-profit and “deceptive” in terms of users understanding just how secure – or insecure as the case may be – their information is.

  10. New cyber-espionage bug moved from Palestinian to Israeli targets

    Recently, it came to light that a new cyber-espionage APT dubbed XtremeRAT was targeting Israeli government and police entities. While not advanced, the threat is most certainly persistent: New analysis shows that the threat has been around much longer than previously thought – at least a year – and originally attacked Palestinian targets.

  11. Torrent DDoSer annoys everyone: is he vigilante or spoilt child?

    Torrent site what.cd reported on Friday, 9 November (via Twitter) that, “The site, tracker and IRC will be down while we sort out this DDOS...” As of writing (Monday, 12 November), the site is still down, with the finger being pointed at Zeiko.

  12. Microsoft to fix 19 vulnerabilities in six patch bulletins on Tuesday

    Four of the six patch bulletins are rated ‘critical’, one is ‘important’ and one is ‘moderate’. Three of the updates will require a system restart, while the remaining three may require a restart. Admins should therefore be prepared for a disruptive time next week.

  13. 70% of cloud data centers keep customers in the dark about storage locations

    As more companies turn to the cloud to provide redundancy and back-up services for mission-critical business functions, connectivity and applications, new research has revealed that a full 70% of cloud backup providers do not inform customers of where the data is being physically kept.

  14. Security experts increasingly question ‘digital Pearl Harbor’ claims

    Ever since Defense Secretary Leon Panetta’s claim that the US was facing a digital Pearl Harbor, a growing number of security experts have begun to question the reality of such threats.

  15. RIM’s BB10 gets a security boost with FIPS 140-2

    One day after Research in Motion’s share price tumbled after damning comments from an analyst, the company announced that it has received FIPS 140-2 security certification allowing the BB10 to be deployed by government agencies.

  16. Citadel crimeware kit offers professional-grade theft tools – for a price

    Call it malicious software on a hill: a new version of Citadel, the crimeware kit, has emerged to inspire hackers everywhere. That is, if they can infiltrate the Russian underground far enough to locate it and pay the $3,000 entry fee.

  17. GCHQ launches new UK Cyber Incident Response scheme

    CESG (Communications-Electronics Security Group) and CPNI (Centre for Protection of National Infrastructure), being arms of GCHQ (Government Communications Headquarters) have today launched a new UK Cyber Incident Response Scheme.

  18. Major breach at Coca-Cola tied to Chinese hacker collective

    Details are emerging of a major hack of Coca-Cola by Chinese criminals in 2009, where internal emails and documents were stolen, and malware compromised access to all Microsoft Windows servers, work stations and laptops on the network .

  19. ISF will open up its library to (ISC)² for certification development

    Faced with an age of unprecedented growth and scope of cyberthreats, the Information Security Forum (ISF) has reached an agreement with the (ISC)² to provide its extensive research library for use in development of (ISC)² examinations and official education materials, significantly broadening the reach of the information and, hopefully, threat awareness.

  20. Lawsuit for South Carolina tax agency breach expands to security firm

    In the wake of a massive security breach at the South Carolina tax collection agency, a former South Carolina state senator has expanded a class-action lawsuit over the exposure of millions of state tax returns to include those responsible for providing security: Trustwave and the Division of State Information Technology (DSIT).

What’s hot on Infosecurity Magazine?