Infosecurity News
New exploitation technique uses improper protocol specifications
A new type of exploitation technique is making use of improper implementation of proprietary protocol specifications, warns an analysis by researchers from Alert Logic.
Hong Kong Stock Exchange suspends trading after hackers close news website
The Hong Kong Stock Exchange was forced to suspend afternoon trading in seven listed companies after the news portion of its website was hit by hackers.
Malware-laden autowhaler spears cybercriminals preying on phishers
A malware-laden autowhaler application unleashed to infect cybercriminals stealing from phishers, and a rogue anti-virus product offering up a fake codec suite for sale after it disables users’ video players, top GFI Software’s list of the most prevalent threats for July 2011.
Government will crack down on rioters using social media, says PM David Cameron
Prime minister David Cameron has said government will crack down on rioters using social networks to communicate, as Parliament was recalled from its summer recess to discuss the outbreak of violence this week.
Security in the Post-PC era: smartphones and tablets require more security
The smartphone, and increasingly the tablet, are fast becoming the primary device of choice for both personal and enterprise use. Infosecurity spoke with Omri Sigelman, VP of marketing and products for AVG Mobile Solutions, at last week’s Black Hat conference in Las Vegas to discuss the state of security in the rapidly changing ‘post-PC era’.
Myanmar surprises as top source of malicious internet traffic
Myanmar has come out of nowhere to top the list of sources of malicious internet traffic in Akamai’s State of the Internet report, the first time the country has ever appeared on the list.
Anti-virus, firewalls and intrusion detection are no longer enough warns SANS security expert
A leading IT security expert is warning companies that AV, firewalls and IDS technology may no longer be enough to defend company IT resources against attacks.
Smart devices are shipping with security holes, say engineers
Nearly 25% of engineers said they personally knew about security problems in their company’s smart devices that have not been disclosed to their customers and the general public, according to a recent survey by device security firm Mocana.
Visa to waive PCI DSS compliance validation for US merchants that deploy chip-enabled terminals
Effective Oct. 1, 2012, Visa is eliminating the requirement for US merchants to annually validate their compliance with the PCI Data Security Standard (PCI DSS) if 75% of the merchant’s annual Visa transactions originate from chip-enabled terminals.
Cybercriminals steal – from each other
The latest monthly malware and threats report from GFI Labs - the research operation of GFI Software - claims that cybercriminals are now stealing end user credentials from each other, as well as using complex new methodologies when seeking to infect end users' PCs.
SpyEye trojan is revealed as credit card credential grabbing machine
A security researcher with Computer Associates has carried out an in-depth analysis of the SpyEye trojan and concluded that the malware has been cleverly coded to hide the fact that it is really little more than a clever piece of credential-grabbing code.
Researcher says MBR malware is back in fashion
A Symantec security researcher is reporting that MBR – Master Boot Record – infections are now back in fashion amongst cybercriminals after several years of largely being ignored.
Hampshire school data breach highlights need for multiple passwords
A data breach at Bay House School in Hampshire has highlighted the importance of not using the same password for different websites and applications, say experts.
New CSA registry enables cloud providers to demonstrate security controls
Cloud providers can demonstrate their adherence to industry-standard security practices by applying for listing in the Cloud Security Alliance’s (CSA) new Security, Trust and Assurance Registry (STAR).
Black Hat 2011: Security researchers hack iPad dongle to become card skimmer
At the Black Hat 2011 event, which has just finished in Las Vegas, security researchers have shown how it is possible to hack a dongle for the iPad – which was originally designed to allow iPads to accept debit and credit card payments – to become a card skimming device.
Future of SSL in doubt? Researcher Marlinspike unveils alternative to certificate authorities
Noted security researcher and hacker Moxie Marlinspike slammed the certificate authorities at last week’s Black Hat conference in Las Vegas, just before he introduced his own alternative for authenticating secure web communications.
Trojanised Android app seen checking for keywords in text messages
A threat analyst with Trend Micro claims to have spotted a trojanised Android app in the wild that checks for keywords in text messages, and relays the data back to remote hackers.
Dell SecureWorks says 60 families of APT malware traced back to China
After researching the growing problem of APTs (Advanced Persistent Threats) – a security issue first discovered by StoneSoft late last year - Dell SecureWorks claims to have revealed around 60 different types of families of custom malware that use APTs as their infection vehicle.
DefCon 19: 10-year-old code cracker reveals zero-day smartphone gaming security flaw
A 10-year-old code cracker taking part in the first Defcon kids event over the weekend – part of the DefCon 19 event that has just taken place in Las Vegas – has reportedly discovered a zero-day flaw in the way the iOS and Android smartphone/tablet operating systems rely on the system clock.
US standards body issues warning to energy suppliers over cyber attacks
A US energy industry standards body has warned suppliers to improve their defences against cyber attacks.
