Infosecurity News
Context discovers security flaws in WebGL technology
Context Information Security claims to have discovered a range of security flaws in WebGL technology, a web-based extension to the JavaScript programming language that allows 3D graphic images to appear with users’ web browsers.
Curiosity kills the cat as hackers use new infection techniques
Hackers appear to be using social networking and news trending topics, judging from a recent analysis from Luis Corrons, technical director with Panda Security, who notes that the death of Osama bin Laden and the Royal Wedding have been used as lures in the last few weeks.
LastPass hits the master password change button after alert
LastPass, the popular online password management service, has started the lengthy process of forcing members to undergo master password changes following anomalies on its inter-server data logging systems.
FBI says audit does not reflect cyber investigation capabilities
The FBI says an audit finding insufficient national cybersecurity investigation skills does not reflect current expertise and results.
Sony says evidence suggests Anonymous was behind massive data breach
Sony said that it appears the massive data breach affecting 100 million of its PlayStation Network (PSN) and Sony Entertainment Online (SOE) customers may have been carried out by the hacker group Anonymous, although the group denies responsibility.
Android trojan infection methodology explained
Hard on the heels of a welter of Google Android malware stories, data security specialist Imperva says its research team has discovered how cybercriminals are using Android apps to infect users with trojans.
Fortinet threat report shows CoreFlood botnet infecting 2.3 million users
The latest monthly threat report from Fortinet claims that 2.3 million PCs were infected by the CoreFlood botnet, which was dismantled recently by an FBI sting operation. In addition, the report claims to show that Russian domain pharma sites now dominate the spam selling scene.
LastPass hits the master password change button after alert
LastPass, the popular online password management service, has started the lengthy process of forcing members to undergo master password changes following anomalies on its inter-server data logging systems.
Companies can take steps to fix flaws without patches
Companies can take steps to mitigate vulnerabilities without using patches or other expensive remedies, said Marc Maiffret, chief technology officer at eEye Digital Security.
Sony admits to week delay in notifying public about data breach
In a letter to Congress, Sony admitted to a delay of a week in providing information to the public, law enforcement, and state regulatory authorities about the hack of its servers, which exposed the personal information of 100 million customers.
Check Point reveal top security challenges for 2011
At the Check Point Experience in Barcelona on 4th May 2011, John Vecchi, head of product marketing for Check Point, shared his thoughts on the top information security trends and challenges for 2011.
APT-driven zero-day attacks tapped by RSA hackers says researcher
It looks as though cybercriminals are starting to get to grips with the advanced persistent threats (APT) attack strategies first outlined by Stonesoft late last year. And, says one security researcher, they are linking the strategy with zero-day attacks for maximum effect.
First dynamic firewall in beta test for Android
Following on from the release of the first full disk encryption app for Google Android back in March, Whisper Systems is now also developing a dynamic firewall app for the smartphone platform.
Kaspersky Lab report claims cybercriminals expanding their repertoire
The latest monthly research from Kaspersky Lab claims to show that hackers are expanding their horizons in terms of the attack vehicles being used to insert malware onto users' computers.
Sony admits to second data breach affecting 24.6 million customers
Still reeling from the PlayStation Network data breach, Sony has admitted to a second security breach that may have resulted in the theft of personal information of 24.6 million Sony Online Entertainment (SOE) customers.
Secunia updates free software update security utility
Secunia has updated its free patch/update utility – Personal Software Inspector (PSI) – to v2.0, increasing the range of applications that are auto-updated to include web browser add-ins and a variety of other utilities.
Malicious spam back on the increase reports M86 researcher
After a quiet period since the takedown of the Rostock botnet servers at the start of the year, it looks like malicious spam is back on the increase again. According to Rodel Mendrez, a security researcher with M86 Security, whilst the industry had a distinctly quiet period from October 2010 to March 2011, the figures have been on the rise again during April.
Cybersecurity threat rhetoric not supported by evidence, researchers argue
There is a lack of evidence to support the rhetoric of “cyber doom” employed by proponents of increased federal intervention in private sector cybersecurity, warns a new report by George Mason University (GMU) researchers.
VoIP security risks are often overlooked, says Forrester analyst
Many organizations do not understand the increasing security risks posed by voice-over-IP (VoIP), warns Forrester analyst John Kindervag.
Do FBI agents know their binary code from their morse code?
Many of the cyber agents at the Federal Bureau of Investigation’s (FBI) field offices do not have the training, skills, and support to investigate national security-related cyberattacks, the Justice Department’s Office of the Inspector General (IG) found.
