Infosecurity News
UK ISP says Digital Economy Act is past its sell-by date
Last month Ofcom finally published its draft code for the application of the Digital Economy Act. Now UK ISP Entanet asks, “is the DEA old before its time?”
Vulnerabilities in Niagara Framework exposed
Tridium’s Niagara Framework enables millions of devices to be controlled centrally via the internet, but it also opens up vulnerabilities to attacks from hackers, according to a story by the Washington Post.
Stuxnet leak prompts US House to consider prosecution of journalists
Prompted in part by newspaper stories about the US role in the Stuxnet worm, House lawmakers are considering amending the Espionage Act to enable the prosecution of journalists who disclose sensitive national security information.
Single massive spam campaigns replace high volume spam runs
Over the last few months researchers at Trend Micro began to investigate a rise in the number of high volume spam runs – and concluded that they weren’t individual spam runs at all, but part of a single, massive spam campaign.
Mobile carriers provided more than one million phone records to police in 2011
Last year, US mobile carriers responded to 1.3 million requests from law enforcement agencies for consumers’ cell phone records, according to a report released by Rep. Edward Markey (D-Mass.).
Man in the Browser (MITB) becomes Man in the Mobile (MITMO)
MITB malware, personified by Zeus and SpyEye, has long been the bane of desktop online banking. Now Trusteer reports that MITB has migrated to Android; and calls it Man in the Mobile.
Search for patient zero: uncovering malware infection at the source
Comparing the malware infection of a network to the outbreak of a virus among a human population, Sourcefire’s Alfred Huger stressed that the key to fighting the infection is to find patient zero, the carrier of the virus.
Cyberoam fixes security hole caused by use of default certificates
Network security firm Cyberoam took action Monday to fix a flaw in its deep packet inspection (DPI) devices caused by the use of default CA certificates, a vulnerability that was identified by Tor Project researchers on their website.
DarkComet RAT, used by Syrian regime to spy on activists, shut down
The website of the DarkComet remote administration tool (RAT), which was used to spy on opposition groups by the Syrian regime, has closed down permanently.
Evolve or perish: Chinese professor develops evolutionary cryptography
A professor in China has developed a new cryptosystem, called evolutionary cryptography, that draws on evolution theory in biology to construct more secure encryption.
Venture capital group pumps $22.4 million into SIEM provider AlienVault
AlienVault, a San Mateo, Calif.-based security information and event management (SIEM) provider, has received $22.4 million in funding from a venture capital group led by Kleiner Perkins Caufield & Byers (KPCB) and Sigma.
High tech car thief jailed
The high tech theft of motor vehicles is likely to rise as their computer content increases. In an early case, Alan Watkins was last week jailed for car theft that involved hacking, GPS tracking and motor car identity theft.
Printer Bomb infects through .htaccess redirection web attack
Symantec researchers have determined that the Milicenso trojan (also known as the Printer Bomb) is downloaded by an .htaccess redirection web attack that has infected at least 4,000 websites.
Most security professionals predict breaches will increase this year
A disturbing 93% of IT security professionals believe that data breaches will increase this year, according to nCircle’s 2012 Information Security and Compliance Trend study.
Assume everyone is infected, EU agency advises banks
The EU’s cybersecurity agency is recommending that banks should assume that all customers’ PCs are infected and institute security measures based on that assumption.
How to get a Google Reward – go public
A loophole in Google Apps was remarkably simple, found by Indian blogger Saket Jajodia, and reported to and rapidly closed by Google. But getting recognition for the discovery was less easy.
Fog Computing; or catching the insider the DARPA way
The insider threat is generally acknowledged to be a serious threat to data security. For companies it can lead to the loss of IP; for governments, the loss of state secrets. Fog Computing is a new approach to detecting and preventing that threat.
Android Malware Samples Predicted at 250,000 for 2012
Trend Micro has provided details on the Android threat: the volume of malware; the types of malware; specific families and what they do.
New variant of the police scareware virus emerges
The police virus continues to evolve, from scareware to ransomware – and a new version that can be described as very scary ware.
Protecting US secrets costs taxpayers big bucks
The cost to protect US government secrets reached more than $11 billion in fiscal year (FY) 2011, up 12% from FY 2010 and more than double the cost in FY 2001, according to a report by the National Archives.