Infosecurity News
Pacemaker virus could lead to "mass murder"
Hackers now have a new attack vector, but one with much more serious consequences than data theft or financial ruin: pacemakers and implantable cardioverter-defibrillators (ICDs).
Top 5 UK SMS spam campaigns are finance-related
When it comes to mobile spam, some campaigns are destined for the Hall of Fame, thanks to how widespread they’ve become. Taking a look at the contenders, mobile security firm AdaptiveMobile has ranked the top five SMS spam campaigns that have plagued UK mobile phone users in 2012—and they all revolve around finances.
Multi-device, multi-vendor IT security departments lack automation, grow risk
Unsurprisingly, complexity in network security environments, particularly multi-vendor environments, yields risk, according to a new survey. And yet, manual processes and a lack of consolidation across operations is still the norm even as IT departments add more and more vendors, devices and firewall rules. This creates a gap between the capacity of the IT staff to manage systems and the rate of their proliferation.
Shining a light on zero-day attacks
A new study by Symantec researchers seeks a better understanding of zero-day attacks – and finds them more, prevalent, longer-lasting and more dangerous than hitherto realised.
ISO releases cyberspace-focused security standard
The ISO has released a brand-new cyber-security standard aimed at ensuring the safety of online transactions and personal information exchanged over the internet, including e-commerce, online banking, virtual medical records, remote office applications and more.
miniFlame emerges as small, highly targeted cyber-espionage tool
Spyware families are propagating, with the latest identified spawn being miniFlame, a “small and highly flexible malicious program” suitable for targeted, in-depth cyber espionage operations, according to Kaspersky Lab.
Facing a malware onslaught, Google plans scanner for mobile app market
Google is plotting ways to implement a client-side solution to prevent rogue apps from being downloaded from Google Play, the Android application store, according to an analysis.
UK government’s Facebook login proposals don’t hold water
Earlier this month there was much discussion in leading UK national newspapers about a proposal to allow the use of social media credentials to access government websites. This was confirmed by the Government Digital Service blog, which has promised more details in the next few weeks.
Randomness and the Intel Ivy Bridge microprocessor
Cryptography Research (CRI) has published its investigation into the random number generator used by the Intel Ivy Bridge processor, the processor that is likely to be used by the majority of new PCs and laptops now and for the immediate future.
ENISA summarizes risks and opportunities of IT consumerization
The European Network and Information Security Agency (ENISA) has summarized both the risks and opportunities in the ‘consumerization of IT’, the business trend that includes BYOD.
TD Bank lost customer data – six months ago
The first public indication of the loss appeared on the California Attorney General website, with the publication of a sample ‘notification’ letter now being sent to the bank’s affected customers.
ISF issues cybersecurity Benchmark as a Service
In an effort to make the evaluation of security resilience and risk reduction strategies more accessible, the Information Security Forum (ISF) has launched a “Benchmark as a Service” (BaaS) tool, for real-time benchmarking via the cloud.
Hackers and crackers invited to decode an 'unbreakable' secret message
Wannabe code-crackers have a fresh challenge to rise to, if DeTron has its way. The encryption company ran a full page ad in the New York Times late last week challenging code breakers, hackers and cryptographers to crack a message encrypted by Quantum Direct Key (QDK) – a personal identification encryption technology aimed at eliminating multiple passwords for cloud services and web apps.
New GCHQ Territorial (Spook) Army
The UK’s Territorial Army is a paid force of part-time volunteers that make up around 25% of the army’s manpower. It is considered an essential part of the UK’s defense force. Now GCHQ is thinking of using the same principle to bolster the UK’s cyber defense.
Malicious emails: Romney almost President
A new malicious email campaign pretends to be from CNN. It announces breaking news – Mitt Romney is ‘almost president’. But it leads to a Blackhole exploit site.
Firefox 16 shipped, pulled and updated within 2 days
Firefox 16 was released on Tuesday, pulled from the download page on Wednesday, and replaced with Firefox 16.0.1 on Thursday. The main cause was that Tuesday’s version introduced a new critical bug that was fixed by Thursday.
SMBs more vulnerable to data breaches than larger brethren
Contrary to conventional wisdom, hackers don’t just target large enterprises with vast amounts of data to steal. Small- and medium-sized businesses are just as attractive of targets, and in some cases are more so.
RSA Europe 2012: Anonymous responds to Corman’s comments
“Anonymous has very few hackers, it has very few activists… It is very misleading to call the groups hacktivists. The common attribute is angst. The talented ones are either quitting or starting to do things that are more clandestine.”
Teen hacker earns $60K for full Google Chrome exploit
A teenage hacker with the handle 'Pinkie Pie' has nabbed a $60,000 prize from Google, for launching a full Chrome exploit for the second time.
First annual report of cyber incidents in the EU
The European Network and Information Security Agency (ENISA) has published its first Annual Incidents Report from data supplied in conformance with Article 13a of the EU’s telecom reform directive.
