Infosecurity News

  1. RIM’s BB10 gets a security boost with FIPS 140-2

    One day after Research in Motion’s share price tumbled after damning comments from an analyst, the company announced that it has received FIPS 140-2 security certification allowing the BB10 to be deployed by government agencies.

  2. Citadel crimeware kit offers professional-grade theft tools – for a price

    Call it malicious software on a hill: a new version of Citadel, the crimeware kit, has emerged to inspire hackers everywhere. That is, if they can infiltrate the Russian underground far enough to locate it and pay the $3,000 entry fee.

  3. GCHQ launches new UK Cyber Incident Response scheme

    CESG (Communications-Electronics Security Group) and CPNI (Centre for Protection of National Infrastructure), being arms of GCHQ (Government Communications Headquarters) have today launched a new UK Cyber Incident Response Scheme.

  4. Major breach at Coca-Cola tied to Chinese hacker collective

    Details are emerging of a major hack of Coca-Cola by Chinese criminals in 2009, where internal emails and documents were stolen, and malware compromised access to all Microsoft Windows servers, work stations and laptops on the network .

  5. ISF will open up its library to (ISC)² for certification development

    Faced with an age of unprecedented growth and scope of cyberthreats, the Information Security Forum (ISF) has reached an agreement with the (ISC)² to provide its extensive research library for use in development of (ISC)² examinations and official education materials, significantly broadening the reach of the information and, hopefully, threat awareness.

  6. Lawsuit for South Carolina tax agency breach expands to security firm

    In the wake of a massive security breach at the South Carolina tax collection agency, a former South Carolina state senator has expanded a class-action lawsuit over the exposure of millions of state tax returns to include those responsible for providing security: Trustwave and the Division of State Information Technology (DSIT).

  7. Lumension buys CoreTrace – adds Bouncer whitelisting to its portfolio

    Lumension announced yesterday that it has completed the acquisition of CoreTrace IP, suggesting that it was prompted by growing concerns over APTs and increasing interest in whitelist defenses.

  8. New Gh0st-related malware discovered

    New malware, backdoor.ADDNEW, has been identified. It is based on the Russian DaRK DDoSer malware and has a surprising link with the Gh0st RAT trojan.

  9. NullCrew hacks MoD – leaks thousands of plaintext credentials

    NullCrew remembered the 5th of November by breaking into mod.co.uk and stealing and dumping more than 3400 email addresses and passwords. While the date of the breach cannot be verified, it does look as if it happened on the Guy Fawkes anniversary.

  10. UK public sector tops £2m in data handling fines

    Public sector organizations in the UK are leaking money thanks to a full £2 million in fines that councils, the NHS, police forces and others have seen in response to poor data handling.

  11. Apple releases update for iOS addressing iPhone, iPad critical flaws

    Apple has released a new iOS, version 6.0.2, that addresses a handful of vulnerabilities in the system affecting iPhone 3GS and later, the iPod touch fourth generation and later, and the iPad 2 and later devices.

  12. Team GhostShell declares war on Russia – leaks 2.5 million records

    Announcing its Project Hellfire back in August, hacking group Team GhostShell warned, “Two more projects are still scheduled for this fall and winter. It's only the beginning.” Now it introduces Project BlackStar with an initial leak of 2.5 million records stolen from Russian organizations.

  13. ASIS revamps POA reference for security professionals

    Security professional organization ASIS International has released a new edition of its Protection of Assets (POA) reference series, to dovetail with its 35h certification program anniversary and a stepped-up focus on global collaboration.

  14. Georgia: Russia responsible for Georbot cyber-spy attack

    In a testament to the ever-changing nature of state-sponsored cyber-espionage, the governmental Computer Emergency Response Team (CERT) of the Republic of Georgia has published a breakdown of the so-called “Georbot Botnet,” a campaign carried out against the Georgian government using malware that infected machines primarily via hacked news sites.

  15. Megaupload takedown demonstrates the danger of storing data anywhere in the cloud

    The Electronic Frontier Foundation (EFF) has warned about US government claims that a Megaupload user lost his property rights by using cloud storage has implications for all data stored by any user or company with any cloud provider, including Amazon’s S3, Google Apps or Apple iCloud.

  16. As the cloud expands, CSA offers guidance for Security as a Service

    The Cloud Security Alliance (CSA) has released the Security Information and Event Management (SIEM) guidance report as part of its Security as a Service (SecaaS) Implementation Guidance.

  17. A look at the Russian underground cyber market

    “The Russian shadow economy is an economy of scale, one that is service oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says a new report into the cybercriminal Russian underground.

  18. The cyberwar of words and malware between US/Israel and Iran

    The cyberwar between the US/Israel and Iran is one of words as well as computer code. It is widely thought that Iranian hackers are behind the recent spate of attacks against US banks, and that the DDoS attack against HSBC was a specific Iranian hacker response to the anti-Islam film, the 'Innocence of Muslims'.

  19. This is a far, far weirder thing than Sony has ever done

    Last week it emerged that the William Faulkner estate was suing Sony over the distribution of the Woody Allen movie, ‘Midnight in Paris.’ On the very next day it launched a second suit against Northrop Grumman and the Washington Post.

  20. Hacker Halted: Government Needs to Embrace Bug Bounty Incentive

    We have nothing to lose by offering bug bounty rewards, Jeremiah Grossman, Founder and CTO of WhiteHat Security told the audience at Hacker Halted in Miami, 29th October 2012.

Why Not Watch?

  1. How To Enhance Security Operations with AI-Powered Defenses

  2. Modernizing GRC: From Checkbox to Strategic Advantage

  3. Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

  4. Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

What’s Hot on Infosecurity Magazine?