Infosecurity News

  1. ABB won't patch industrial control system flaw

    Swiss industrial conglomerate ABB does not plan to patch an arbitrary code execution vulnerability in components of its WebWare Server application, used in various industrial systems, because it is a legacy product nearing the end of its lifecycle.

  2. Anonymous UK plans to attack the Home Office

    The UK faction of Anonymous has announced a campaign against the Home Office in protest against extradition arrangements with the US, and the European Arrest Warrant (EAW). It is timed for 9:00pm on Saturday.

  3. Weighing the costs and benefits of disaster recovery planning

    In order to protect data from a disaster or cyberattack, organizations should develop a disaster recovery plan based on a cost-benefit analysis of the value of the data versus the cost of maintaining backup facilities, according to a report from Wisegate.

  4. UK government puts brakes on web snooping plans

    In an apparent about-turn over government plans to allow security and police services to spy on e-mails, phone calls and internet browsing habits, deputy prime minister Nick Clegg said the legislation will be published only as a draft.

  5. Blackhole-laden spam targets airline passengers

    Cybercriminals have launched a Blackhole-laden spam campaign against US Airways passengers, trying to convince them to click on a link to "view" their reservation, according to Kaspersky Lab.

  6. IRS security dissing party continues

    The Internal Revenue Service (IRS) just can’t catch a break when it comes to its information security posture; the US Treasury’s auditors are joining the criticisms begun by the Government Accountability Office (GAO) about infosec shortcomings at the US tax collector.

  7. UK hacker G-Zero jailed for using Zeus and SpyEye

    Edward Pearson, aka G-Zero, has been jailed for 26 months at Southwark Crown Court for “making an article for use in fraud and two counts of possession of an article for use in fraud.”

  8. Mac users: “If you have no real need for Java, remove it”

    Discussing the latest drive-by threat to Mac users that exploits an unpatched Java vulnerability known as CVE-2012-0507, Graham Cluley of Sophos blogs, “My advice is that if you have no real need for Java, remove it.”

  9. Adobe offers malware classification tool for 'quick malware triage'

    Adobe has released a free tool that helps IT administrators classify suspicious files as malicious or benign using machine-learning algorithms.

  10. ACLU finds widespread warrantless cell phone tracking by local police

    A report issued this week by the American Civil Liberties Union (ACLU) claims that local law enforcement is engaged in pervasive warrantless tracking of cell phones.

  11. ManTech buys HBGary, a security firm well known for its Anonymous run-in

    US defense firm ManTech has acquired technology security firm HBGary, which was at the center of a controversy last year when it claimed to have infiltrated Anonymous and was then attacked by the hacktivist group.

  12. Global Payments cops to 1.5 million total on credit card breach

    Global Payments, a third-party payment card processor, has admitted that around 1.5 million credit card numbers may have been stolen in a massive data breach last month, up significantly from the original report of 50,000.

  13. California child services loses storage devices with info on 800,000 people

    Computer storage devices containing personal information on 800,000 California residents were lost following a disaster recovery exercise held by IBM and Iron Mountain on behalf of the California Department of Child Support Services (DCSS).

  14. Imperva analyzes LulzSec’s attack tool

    In its latest Hacker Intelligence Initiative report, Imperva analyzes remote and local file inclusion (RFI/LFI) attacks as favored by LulzSec.

  15. GCHQ to get real-time access to personal traffic data

    The EC Data Retention Directive is already in force in the UK as a Statutory Instrument – The Data Retention (EC Directive) Regulations 2009. A proposed new bill will now force ISPs and telecommunications providers to make this data available to law enforcement in real time.

  16. Payment processor suffers data breach that exposes 50,000 credit card numbers

    Global Payments, an Atlanta-based credit and debit card processor for banks and merchants, has suffered a security breach that has exposed information on at least 50,000 cardholders, the Wall Street Journal reported.

  17. Blackhole: the 1-day exploit kit

    ESET has reported on the latest version of the Blackhole exploit kit, noting that it has been updated to include a recent Java vulnerability.

  18. Our expert is better than your expert, says Hotfile to Warner Bros

    Hotfile is being sued by Warner Bros (and others) – the MPAA – for copyright infringement; Hotfile is countersuing for bogus copyright infringement claims.

  19. Yahoo commits to honoring Do-Not-Track

    Do-Not-Track (DNT) is the evolving standard that will provide internet users with greater control over their privacy on the internet. “Yahoo websites worldwide will comply with visitors’ Do-Not-Track preferences starting later this year,” said the company on Wednesday.

  20. Mediyes trojan underscores need for proper key management

    The discovery of the Mediyes trojan using a valid digital signature has raised concerns about the need for proper key management, noted John Grimm with Thales e-Security.
