Infosecurity News
Mediyes trojan underscores need for proper key management
The discovery of the Mediyes trojan using a valid digital signature has raised concerns about the need for proper key management, noted John Grimm with Thales e-Security.
Top national security official pins RSA breach on China
The US government has evidence that Chinese hackers were responsible for the breach of RSA last year that compromised the company’s “underlying software” and required the replacement of hundreds of SecurID tokens, a top national security official told Congress this week.
Carders Market leader pleads guilty to ID theft/fraud scheme
Chris Aragon, one of the leaders of the ID theft and fraud forum known as the Carders Market, has pled guilty to stealing thousands of personal identities and counterfeiting credit cards to buy high-end goods that were resold on eBay and craigslist.
FTC reaches settlement on charges over RockYou breach
The US Federal Trade Commission (FTC) has reached a settlement with the social gaming site RockYou over charges it failed to protect the privacy of its users, enabling hackers to access personal information on 32 million users in 2009.
Digital Crime: Fourth great era of organized crime
Organized digital crime is growing – but we still know little about the structure of organized digital crime groups. A new report from BAE Detica Systems and the John Grieve Centre for Policing and Security at London Metropolitan University seeks to change this.
Australia blocks China’s Huawei from broadband project over security concerns
The Australian government has blocked China’s Huawei Technologies from participating in the country’s AUS$36 billion national broadband network (NBN) project because of cybersecurity concerns.
Belarusian sentenced to US prison for assisting identity theft scams
A Belarusian named Dmitry Naskovets has been sentenced to 33 months in federal prison for operating CallService.biz, an online site that helped over 2,000 identity thieves commit fraud, federal authorities announced on Friday.
Watchdog warns US agencies lax on global IT supply chain security
The General Accounting Office (GAO) is warning that insecurity in the global IT supply chain is putting US national security agencies at risk.
LulzSec Reborn posts data on over 170,000 MilitarySingles.com users
The MilitarySingles.com website has apparently been hacked by LulzSec Reborn, exposing user information on 170,000 members.
Microsoft takes control of 800 domains associated with Zeus botnets
In a major action against the banking trojan Zeus, Microsoft, together with FS-ISAC and NACHA and with research from Kyrus Tech and F-Secure, has succeeded in disrupting a number of the most harmful Zeus botnets in “an unprecedented, proactive cross-industry action.”
US government extends period that intelligence on citizens can be retained
The US government has issued new counterterrorism guidelines that allow for the retention of intelligence on US citizens for five years, rather than the current 180 days.
Kaiser Permanente data breach affects thousands of employees
Managed health care consortium Kaiser Permanente has notified thousands of current and former employees that their personal information was found on an external hard drive purchased in a second-hand store in California.
Europe’s first information risk maturity index developed
PwC and Iron Mountain have joined together to develop a risk maturity index for European SMEs, and it finds them generally lacking.
Firefox will use HTTPS by default
Encrypted searching should become available by default for all Firefox users within a few months – a big win for privacy.
Indian call centers sell UK financial data and DVLA gives access to Indian workers
On the same day that the Sunday Times reported Indian workers offering UK finance details for sale at as little as 0.02p, the Observer reported that IBM contractors in India will have access to the data of 43 million UK drivers held by the DVLA.
China says most foreign cyberattacks come from Japan, US, and South Korea
In an apparent effort to turn the public relations tables, China is claiming that most of the foreign cyberattacks against Chinese computers are coming from Japan, the US, and South Korea.
Michaels fraudsters headed to prison
Two southern California men pled guilty this week to participating in a PIN-pad tampering scheme at 84 Michaels craft stores that resulted in the theft of 94,000 debit and credit card account numbers.
StubHub turns to fraud specialist to combat abuse of its platform
StubHub, an online ticket exchange, was having trouble with criminals using its open platform to verify credentials that had been stolen from other sources. The website turned to SilverTail for help, explained Robert Capps, senior manager of trust and safety at the company.
US data breach costs decline for first time in seven years
The average organizational and per capita cost of a data breach in the US declined in 2011 for the first time in the seven years that the 'US Cost of a Data Breach Study' has been compiled.
NIST publishes guidance for electronic health record usability and security
The National Institute of Standards and Technology (NIST) has released technical guidance for evaluating the usability of electronic health records (EHR), while maintaining the security and privacy of those records.