Infosecurity News

  1. EMV global payment standard will drastically reduce credit-card fraud in the US

    With the Europay, MasterCard and Visa (EMV) global standard for credit and debit cards poised to be adopted in the US (there is an April 2013 migration deadline), analysts at Frost & Sullivan say that credit card payments will become much more secure. Almost half of the world’s credit card fraud last year (46%) took place in the US, where the easily compromised magnetic stripe still rules the day.

  2. Hacktivist group targets Syria in wake of internet blackout

    Global hacktivist collective Anonymous is targeting Syrian websites worldwide to protest an internet blackout in that country, which was instituted Thursday in what most think is an attempt by President Bashar al-Assad to cut off communication routes for the opposition.

  3. Clickjacking threatens two-thirds of top 20 banking sites

    Almost two-thirds of the top banking sites, one-fifth of popular open-source web app sites and a full 70% of the top 10 websites by number of visitors have absolutely no countermeasures against clickjacking attacks, even if they require a secure environment, such as banks providing online banking services.

  4. Anti-virus vendors warn users to beware of the ChangeUp worm

    ChangeUp is the Symantec name for the worm known as W32/VBNA-X by Sophos and W32/Autorun.worm.aaeb by McAfee. All three companies are warning their users about an increase in detections over the last few days.

  5. BPI demands UK Pirate Party shut down its Pirate Bay proxy

    The British Phonographic Industry (BPI) has written to the UK Pirate Party, a democratic political party, and demanded that it close the proxy service it provides to allow users to bypass the ISP block on The Pirate Bay.

  6. Hewlett Packard’s Autonomy woes deepen

    On Tuesday a new shareholder lawsuit claimed audit firms Deloitte and KPMG missed red flags about Autonomy’s accounting, and also named HP's board of directors, officers, and former executives alleging breach of duty and negligence.

  7. Report tests browser ability to filter malicious URLs

    NSS Labs has published the second of its two analyses on the security capabilities of the four leading browsers. The first report was on the ability of browsers to block malware; this second is on browsers' ability to filter malicious URLs.

  8. Crystal ball time: Top 2013 risks include cyber war, cloud and BYOD

    As the year draws inexorably to a close, it’s only fair and natural that we, as an industry, peer into the future to see what could await us in the New Year. The latest to tackle such prognostication is the Information Security Forum (ISF), which has ID’d the top five security threats businesses will face in 2013.

  9. 91% of APT attacks start with a spear-phishing email...

    ...and 94% of the emails carry a malicious attachment – usually in ZIP, XLS or RTF format. These are the findings of new research published today.

  10. Critical infrastructure at risk from SCADA vulnerabilities

    SCADA software, used for industrial control mechanisms in utilities, airports, nuclear facilities, manufacturing plants and the like, is increasingly a target for hackers looking to exploit what appear to be growing numbers of vulnerabilities – giving rise to fears that critical infrastructure may be at risk.

  11. Yahoo! mail exploit on sale for $700

    A new zero-day vulnerability in Yahoo! Mail has given rise to a $700 exploit for sale in the hacking underground.

  12. Europol and ICE seize 132 domain names on Cyber Monday

    The US Operation In Our Sights temporarily morphed into Project Cyber Monday 3 – with a European Project Transatlantic offshoot – and netted a combined haul of 132 seized counterfeiting website domains.

  13. High-end Citadel financial malware overtakes Zeus as king

    Citadel, which researchers say is essentially the Lamborghini of the financial information-stealing malware scene, is well on its way to overtaking Zeus and SpyEye as the go-to banking trojan after only being discovered earlier this month.

  14. Go Daddy DNS hack spreads ransomware

    Go Daddy, the world’s largest internet domain host and registrar, may soon be known for more than those racy Super Bowl ads featuring Danica Patrick: ransomware is being spread across its footprint.

  15. OFCOM suggests ISPs must decide who is a subscriber in relation to 3-strikes

    Just as the US voluntary six-strike infringement code is about to begin, the UK’s statutory three-strike regime inches closer with an OFCOM study into piracy and guidance on what constitutes a subscriber.

  16. Greek man arrested over theft of 9 million personal data details

    While European eyes are focused on the increasing political unrest in Greece, it has taken US reporters to notice a small detail: a Greek man has been arrested on suspicion of stealing 9 million personal data files.

  17. (ISC)² looks to address security expertise gap with 2013 scholarships

    It’s no secret that with the ever-rising tide of cyber threats there comes a need for additional security expertise to adequately combat the scope of attacks. Many IT departments suffer from a human capital resource issue, and it’s not always funding-related.

  18. New Linux rootkit delivering drive-by infections discovered

    Eight days ago an ‘anonymous victim’ posted details of a new Linux rootkit to the Full Disclosure mailing list, asking for information. The rootkit was adding an iFrame into HTTP responses returned by the victim’s web server.

  19. Quantum cryptography for all takes a giant leap closer

    Toshiba Research Europe, working with the Cambridge University Engineering Lab, has today announced a breakthrough in quantum cryptography, bringing the potential for secure communications for everyone closer to reality.

  20. Problems with the EU’s proposed ‘right to be forgotten’

    The EU’s proposed Data Protection Regulation includes a difficult concept known as the ‘right to be forgotten’. It proposes that individuals should be able to remove personal data that they no longer wish to be public – but it is fraught with difficulties. ENISA has produced a report on these difficulties.
