Infosecurity News
Pogoplug may be the answer to small business' cloud security
Cloud Engines has developed a device that turns up to four USB-connected external hard drives into a cloud-accessible data storage resource, allowing anyone with the right credentials to access the data on the drive.
Prank malware spreads across internet
Anti-virus company ESET has discovered what it thinks is a prank gone wrong. The company suspects that Win32/Zimuse, which has swept the US, was originally intended as a localized malware attack against a group of Slovakian bikers.
More details emerge on Hydraq trojan
Hydraq, the trojan delivered by the Operation Aurora attackers, uses VNC techniques to stream live video from victims' machines, said Symantec in an analysis of the malware.
GPS security vulnerability discovered in Novatel MiFi unit
Users of the Novatel MiFi 2352 are being recommended to reflash the firmware on the mobile broadband/WiFi units, as hackers have apparently discovered a way of gaining access to the GPS (global positioning system) co-ordinates on the device.
Tor IP anonymising internet service hacked
The developers behind the Tor Project, a voluntary IP anonymising project that allows internet users to proxy through to destination websites using a variety of free-to-use servers around the world, appears to have been hacked.
RockYou users display poor password skills
Social media site RockYou may be the subject of a lawsuit from disgruntled customers after it allowed 32 million of their accounts to be compromised, but new data suggest that many of its users are equally unsavvy when it comes to security, especially password security.
ISACA welcomes strengthening of UK penalties on data breaches
ISACA, the not-for profit international association of 86 000 IT security, audit and governance professionals, has welcomed news that the UK government has beefed up the penalties the Information Commissioner's Office (ICO) can impose on errant companies causing major data breaches.
Microsoft confirms Thursday patch for Internet Explorer exploit
Confirming what many internet industry watchers thought would happen this week, Microsoft says it will release an out-of-band patch later today, for the Internet Explorer security vulnerability used to attack Google and around 30 other companies affected by the widely publicised security flaw seen in the Google/China incident.
Further evidence links Aurora attack to China
Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China.
Internet Explorer zero-day vulnerability spreads to Microsoft Office as fixes surface
Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office.
Sourcefire launches faster IPS configuration
Sourcefire has increased the speed of its intrusion prevention system, or IPS, announcing support for a 20 Gbit/sec clustered model.
$100 000 cracking prize goes unclaimed at CES
Despite 45 teams trying for up to two hours at the recent Consumer Electronics Show in Las Vegas, it seems that the latest USB drive-equipped Swiss Army Knife - which sports an encrypted (Elliptical Curve and AES) data storage feature - was uncracked.
France joins Germany in public slamming of Internet Explorer
Following on from Germany's internet security agency publicly slamming Internet Explorer over the weekend and advising internet users to switch to another browser, France's CERTA agency has made a similar pronouncement.
PDF attacks target defense community
Evidence of further targeted attacks are surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks targeted PDFs of those in the US defense community, and occurred more recently.
Internet Explorer zero-day code goes public
The Internet Explorer exploit code used in the Operation Aurora attack against Google and other technology companies has made it into the public domain, and has been incorporated into the Metasploit penetration testing tool, it was revealed this weekend.
Internal security risks webinar this Wednesday
The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses.
Conservative party outlines plans on cybersecurity
The Conservative party has published a green paper which, amongst other items of national security, seeks to create a center to deal with cyberattacks against the UK.
Time Inc employee fired over customer credit card issue
Time Inc has written to customers and the New Hampshire Attorney General's office, warning of a potential security breach following the possible misuse of customer credit card information by an employee.
Blackhats and whitehats react to Haiti tragedy
Blackhats and whitehats reacted with typical polarity to the disastrous Haiti earthquake this week. One faction unleashed a torrent of malware capitalizing on the tragedy, while the other organized a series of 'hackathons' to help develop technologies that would assist the humanitarian mission.
Online criminals looking to profit from Haiti earthquake
Proving that there is no situation too tragic to exploit, cyber scofflaws have been quick to capitalize on the world’s interest in the recent earthquake in Haiti. With so many people looking to reach out and donate to victims of the tragedy, one group of black hats are attempting to rake in some of that cash by exploiting search engine optimization (SEO) techniques.
