Infosecurity News

  1. SCADA password-cracker targets Siemens gear

    SCADA vulnerabilities are once again making their frightening selves known with the revelation that a new password-cracker is specifically targeting industrial control systems.

  2. Cybersecurity faces mostly 'post-PC' threats

    Even as the existing cybersecurity threat landscape becomes more complex, IT departments should be looking to the next wrinkle: cybercriminals have moved beyond the PC, targeting Android, social media and the Mac OS X with new attacks.

  3. New features available for GoAnywhere file transfer services

    Linoma Software, the managed file transfer and data encryption specialist, has announced new clustering and load balancing capabilities for its GoAnywhere Services version 3.1 offering.

  4. Why did WikiLeaks dox Swartz?

    In a brief series of tweets, WikiLeaks seems to have named Aaron Swartz as a WikiLeaks contributor; but the motivation for the move remains unclear.

  5. Mega’s security put under the microscope; and Mega responds

    Following the razzmatazz at the launch of Dotcom’s new secure Mega file storage service over the weekend comes the expected analysis and criticism of its security. There are two primary areas of focus – the RSA key generation and an apparent deduplication process.

  6. Red Dot – a new exploit kit for hire

    A new exploit kit dubbed Red Dot is being offered for hire on the internet underground at $700 for 6 months, or $1200 for a full year (although the vendor retains ‘the right to change the price of the product at any time’).

  7. Canadian student threatened, expelled and then hired

    The solution to bad publicity is to own it, not inflate it. That’s what SkyTech has done with the Canadian student who found flaws in its software: first he was threatened and expelled, but now he’s been offered a scholarship and part-time job.

  8. Foxit fixes PDF reader security vulnerability

    Foxit has released a new version of its PDF viewer, Reader 5.4.5, which fixes a web browser plugin vulnerability that would allow attackers to execute arbitrary code.

  9. Cyber risk is not translating into boardroom discussion

    Responsibility for cyber risk starts and stops with the board, says GCHQ; cyber attack is the most likely technology risk incident says the World Economic Forum; but the board isn’t taking it seriously, suggests Trustwave.

  10. PCI Council announces new board seats, working groups and Asia-Pac event

    The PCI Security Standards Council (PCI SSC) is tapping the payments community to participate in the 2013–2015 Board of Advisors election process, fresh PCI Special Interest Groups (SIG) and the 2013 PCI Community Meetings.

  11. FAKEM RATs disguise their network traffic as legitimate

    While well known remote access trojans such as Gh0st, PoisonIvy, Hupigon, and DRAT produce network traffic that is easily detectable, a new family of malware dubbed FAKEM seeks to disguise its presence by making the traffic look like a legitimate protocol.

  12. Spam campaign makes offerings to Zeus

    The widespread banking trojan/botnet known as Zeus is continuing to throw its malware-infested thunderbolts at unsuspecting users, this time through a wide-net spam campaign.

  13. Shylock malware dials up Skype

    The banking trojan known as Shylock is calling up more victims, thanks to a new propagation tactic of using Skype. It’s also added a few new features to worsen the infection.

  14. Credit card-stealing malware infests nearly 100 Zaxby's chicken restaurants

    Hackers have already been shown to have a taste for Subway, but they apparently have a hankering for fried chicken too. A new criminal attack has potentially compromised credit card data at almost 100 locations of Zaxby’s, a Southern, chicken-centric restaurant chain in the US.

  15. Red October analysis reveals complex, two-stage attack

    In the wake of the discovery of Red October, a complex, in-depth cyber-espionage campaign going back at least five years, security researchers have published a comprehensive analysis of the breadth and depth of the operation, uncovering a two-pronged attack methodology.

  16. Anonymous Mexico hits defense ministry in support of Zapatistas

    South-of-the-border members of the hacktivist collective Anonymous have claimed responsibility for a cyber attack on the Mexican defense ministry that brought down its website temporarily this week.

  17. FireEye adds six new executives to its leadership team

    California-based cybersecurity specialist FireEye has added six new members to its global leadership team, the firm recently announced

  18. Adobe patches four exploited ColdFusion flaws

    In its own Microsoft-synchronized Patch Tuesday this month, Adobe merely issued an advisory on four known and exploited flaws in ColdFusion. Yesterday it patched them.

  19. BC healthcare breach affects 5 million Canadians

    Health data for more than five million British Columbians over the course of at least three incidents has been handled improperly by the Ministry of Health in its dealings with university researchers and contractors, violating the regulations for encryption required by law. The BC provincial government plans to notify more than 38,000 individuals of the breaches by letter.

  20. 90% of passwords can be cracked in seconds

    More than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds, according to new research from Deloitte.

Why Not Watch?

  1. Modernizing GRC: From Checkbox to Strategic Advantage

  2. Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

  3. Securing M365 Data and Identity Systems Against Modern Adversaries

  4. Mastering AI Security With ISACA’s New AAISM Certification

What’s Hot on Infosecurity Magazine?