http://www.infosecurity-magazine.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Thu, 20 Jun 2013 04:51:56 GMT http://www.infosecurity-magazine.com/ http://www.infosecurity-magazine.com/_common/img/template/infosec-uk/site-logo.gif http://www.infosecurity-magazine.com/view/33050/microsoft-enters-bug-bounty-fray-for-first-time/ As the threat landscape continues to deepen in both volume and complexity, bug bounties are becoming an increasingly popular way for vendors to cost-effectively uncover potentially severe exploitable security issues. Microsoft has joined the cash-payout fray for the first time, announcing three new "Heart of Blue Gold" bounty programs that will pay up to $100,000 to enterprising researchers and hackers. Wed, 19 Jun 2013 20:15:00 GMT http://www.infosecurity-magazine.com/view/33050/microsoft-enters-bug-bounty-fray-for-first-time/ http://www.infosecurity-magazine.com/view/33048/oracle-patches-40-critical-java-flaws/ Oracle has released its June 2013 Java SE Critical Patch Update (CPU), which fixes 40 security issues. All vulnerabilities except three can be exploited remotely without authentication by an attacker, and in most cases, the attacker can take complete control of the system. Wed, 19 Jun 2013 19:54:00 GMT http://www.infosecurity-magazine.com/view/33048/oracle-patches-40-critical-java-flaws/ http://www.infosecurity-magazine.com/view/33046/isc2-opens-nominations-for-gisla/ (ISC)2 has announced that it is now accepting nominations for its 2013 U.S. Government Information Security Leadership Awards (GISLA). Wed, 19 Jun 2013 19:26:00 GMT http://www.infosecurity-magazine.com/view/33046/isc2-opens-nominations-for-gisla/ http://www.infosecurity-magazine.com/view/33010/make-way-for-the-variants-carberp-source-code-goes-on-sale-for-5k/ The source code for the Carberp banking trojan is up on the block in the Russian underground – and for a mere $5,000. Wed, 19 Jun 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/33010/make-way-for-the-variants-carberp-source-code-goes-on-sale-for-5k/ http://www.infosecurity-magazine.com/view/33036/chrome-vulnerable-to-camjacking-/ Camjacking is clickjacking aimed at taking over the PC’s webcam – and although Adobe fixed the Flash vulnerability that allows it back in 2011, it lives on in the Flash implementations of Chrome and (not verified) IE10. Wed, 19 Jun 2013 12:23:00 GMT http://www.infosecurity-magazine.com/view/33036/chrome-vulnerable-to-camjacking-/ http://www.infosecurity-magazine.com/view/33031/european-commission-gets-mandate-to-negotiate-trade-agreement-with-us/ The concept of an EU-US trade agreement, the TransAtlantic Trade and Investment Partnership (TTIP) has moved with breathtaking speed; from initial announcement in February to the official mandate for the EC to start negotiations last Friday. But the memory of ACTA lingers. Wed, 19 Jun 2013 10:55:00 GMT http://www.infosecurity-magazine.com/view/33031/european-commission-gets-mandate-to-negotiate-trade-agreement-with-us/ http://www.infosecurity-magazine.com/view/33012/google-glass-privacy-questioned-by-six-countries-and-the-eu/ Led by Canada's privacy commissioner Jennifer Stoddart, and enjoined by 36 provincial and international colleagues, Google has been invited to enter a dialogue with data protection authorities over the privacy issues around Google Glass. Wed, 19 Jun 2013 08:30:00 GMT http://www.infosecurity-magazine.com/view/33012/google-glass-privacy-questioned-by-six-countries-and-the-eu/ http://www.infosecurity-magazine.com/view/33009/malware-swarming-on-p2p-networks/ For all of their benefits when it comes to enabling consumer communication, peer-to-peer networks have been notorious hideouts for pirated content and other things that wish to elude detection. They’re providing cover now for something else: malware. Tue, 18 Jun 2013 19:53:00 GMT http://www.infosecurity-magazine.com/view/33009/malware-swarming-on-p2p-networks/ http://www.infosecurity-magazine.com/view/33008/69-of-small-businesses-dont-think-data-breaches-will-impact-their-reputation/ As National Small Business Week gets underway in the US, research has revealed that most small businesses are blissfully unaware of the information security risks that may be arrayed against them. Tue, 18 Jun 2013 19:32:00 GMT http://www.infosecurity-magazine.com/view/33008/69-of-small-businesses-dont-think-data-breaches-will-impact-their-reputation/ http://www.infosecurity-magazine.com/view/32981/eiq-networks-unwraps-new-proactive-cyber-defense-monitoring/ The Massachusetts-based security and compliance specialist has introduced what it is calling the “first security monitoring solution to provide automated analysis of SANS Critical Security Controls”. Tue, 18 Jun 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32981/eiq-networks-unwraps-new-proactive-cyber-defense-monitoring/ http://www.infosecurity-magazine.com/view/32994/manchester-citys-scouting-database-compromised/ 75% of the UK’s Premier League football clubs, and 50% of clubs in the major European leagues use the services of Scout7 to provide solutions in player scouting, recruitment and information management. Manchester City’s private database has been breached. Tue, 18 Jun 2013 12:52:00 GMT http://www.infosecurity-magazine.com/view/32994/manchester-citys-scouting-database-compromised/ http://www.infosecurity-magazine.com/view/32975/big-data-causes-big-problems-for-security/ For enterprises, the ability to detect data breaches within minutes is critical in preventing data loss, yet only 35% of firms stated they have the ability to do this. The culprit? An ever-escalating array of data sources stemming from virtualization, anywhere, anytime work habits and an explosion of end-user devices and applications. In short, organizations around the world are finding themselves unable to harness the power of Big Data for security purposes. Tue, 18 Jun 2013 12:00:00 GMT http://www.infosecurity-magazine.com/view/32975/big-data-causes-big-problems-for-security/ http://www.infosecurity-magazine.com/view/32991/surveillance-cameras-can-be-hacked-who-is-watching-you/ A security expert has promised to reveal security flaws in thousands of surveillance cameras. He will not, he says, disclose the vulnerabilities to the vendors before his presentation at Black Hat, Las Vegas, starting 31 July. Tue, 18 Jun 2013 11:42:00 GMT http://www.infosecurity-magazine.com/view/32991/surveillance-cameras-can-be-hacked-who-is-watching-you/ http://www.infosecurity-magazine.com/view/32986/nsa-gchq-spy-on-russian-president-g20-delegates-/ New Snowden revelations revealed that the NSA and GCHQ do traditional spying too – eavesdropping on the Russian president’s phone calls out of London and the delegates at the G20 2009 meeting in London. Tue, 18 Jun 2013 10:15:00 GMT http://www.infosecurity-magazine.com/view/32986/nsa-gchq-spy-on-russian-president-g20-delegates-/ http://www.infosecurity-magazine.com/view/32982/former-us-military-chief-bold-leadership-required-to-solve-cybersecurity-problems/ What keeps retired US Navy Admiral Mike Mullen up at night? According to the former Chairman of the Joint Chiefs of Staff, the government’s debt, the state of the US primary/secondary education system, a lack of bipartisan cooperation, and the issue of cybersecurity. Tue, 18 Jun 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32982/former-us-military-chief-bold-leadership-required-to-solve-cybersecurity-problems/ http://www.infosecurity-magazine.com/view/32976/apple-fielded-thousands-of-law-enforcement-requests-for-customer-info-so-far-this-year/ Apple has published a transparency update detailing that between December 1, 2012 and May 31, 2013, it received between 4,000 and 5,000 requests from US law enforcement for customer data. Mon, 17 Jun 2013 19:57:00 GMT http://www.infosecurity-magazine.com/view/32976/apple-fielded-thousands-of-law-enforcement-requests-for-customer-info-so-far-this-year/ http://www.infosecurity-magazine.com/view/32974/spam-sent-from-web-hosts-harder-to-block/ When it comes to taking anti-spam measures, it turns out that malicious or junk mail sent from web hosts is more than three times as likely to make it past a filter than other kinds of spam. An independent evaluation of top products found that while most have good overall catch rates, web hosting is a bit of a magic bullet at the moment. Mon, 17 Jun 2013 19:25:00 GMT http://www.infosecurity-magazine.com/view/32974/spam-sent-from-web-hosts-harder-to-block/ http://www.infosecurity-magazine.com/view/32954/canada-a-global-haven-for-cybercriminals/ It turns out that Canada may soon be famous for more than the well-known maple leafs, Molson and hockey: It now has the third largest volume of hosted advanced malware command-and-control servers, according to a new study. Foreign cybercriminals are setting up virtual bases in Canada to command corporate espionage attacks. Mon, 17 Jun 2013 13:45:00 GMT http://www.infosecurity-magazine.com/view/32954/canada-a-global-haven-for-cybercriminals/ http://www.infosecurity-magazine.com/view/32953/us-energy-department-creates-cybersecurity-council/ The US Department of Energy is tackling cybersecurity for its various branches, including the National Nuclear Security Administration (NNSA), with a new cybersecurity council tasked with formulating best practices in the security arena. Mon, 17 Jun 2013 13:31:00 GMT http://www.infosecurity-magazine.com/view/32953/us-energy-department-creates-cybersecurity-council/ http://www.infosecurity-magazine.com/view/32955/apple-ios7-features-yet-another-lockscreen-bypass/ Less than a week after Apple unveiled the beta version of Apple iOS7 at its annual World Wide Developers Conference (WWDC) confab, an enterprising tech-head has managed to bypass its screen-lock security. Mon, 17 Jun 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32955/apple-ios7-features-yet-another-lockscreen-bypass/ http://www.infosecurity-magazine.com/view/32951/fda-issues-medical-device-safety-warning/ The US Food and Drug Administration has issued a malware alert, warning that medical devices that contain configurable embedded computer systems can be vulnerable to cybersecurity breaches. Mon, 17 Jun 2013 12:45:00 GMT http://www.infosecurity-magazine.com/view/32951/fda-issues-medical-device-safety-warning/ http://www.infosecurity-magazine.com/view/32964/microsoft-adds-twofactor-authentication-to-its-azure-cloud-platform/ Microsoft has launched two-factor authentication for its Azure cloud platform based on technology acquired with the purchase of PhoneFactor in October 2012: Active Authentication. Mon, 17 Jun 2013 12:31:00 GMT http://www.infosecurity-magazine.com/view/32964/microsoft-adds-twofactor-authentication-to-its-azure-cloud-platform/ http://www.infosecurity-magazine.com/view/32961/saudi-arabia-likely-to-block-whatsapp-within-weeks/ Saudi Arabia is cracking down on communications tools that bypass the Kingdom’s monitoring capabilities and affect the revenue of the indigenous telecommunications companies. Mon, 17 Jun 2013 11:23:00 GMT http://www.infosecurity-magazine.com/view/32961/saudi-arabia-likely-to-block-whatsapp-within-weeks/ http://www.infosecurity-magazine.com/view/32958/optout-porn-filters-in-the-uk-by-the-end-of-the-year/ UK ISPs will have porn filters operational before the end of 2013 said David Cameron’s ‘pornification’ advisor Claire Perry at a Westminster eForum last week. Mon, 17 Jun 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32958/optout-porn-filters-in-the-uk-by-the-end-of-the-year/ http://www.infosecurity-magazine.com/view/32956/blank-media-levy-extended-to-smartphones-and-tablets/ The ‘blank media levy’ is effectively a tax on blank media (originally tape cassettes) designed to compensate content creators for illegal copying of copyrighted works. Over the years it was extended to include CDs, DVDs, hard disks – and is now making its first forays into devices that include solid state memory. Mon, 17 Jun 2013 07:59:00 GMT http://www.infosecurity-magazine.com/view/32956/blank-media-levy-extended-to-smartphones-and-tablets/ http://www.infosecurity-magazine.com/view/32949/fortune-500-security-policies-are-a-mixed-bag/ A research effort into the security practices of Fortune 500 companies has found that while a majority of the largest US public companies are following the Securities and Exchange Commission (SEC) Guidelines by providing some level of disclosure regarding data breaches, some companies that have had exposures have chosen to remain silent. And, companies may be underestimating certain risks, like state-sponsored cyber-espionage. Fri, 14 Jun 2013 15:00:00 GMT http://www.infosecurity-magazine.com/view/32949/fortune-500-security-policies-are-a-mixed-bag/ http://www.infosecurity-magazine.com/view/32948/accumuli-buys-authentication-firm-signify-solutions/ Accumuli yesterday acquired two-factor authentication specialist Signify Solutions for £4.2 million in cash – a net consideration of £2.6 million given Signify’s £1.6m cash in hand. Fri, 14 Jun 2013 14:58:00 GMT http://www.infosecurity-magazine.com/view/32948/accumuli-buys-authentication-firm-signify-solutions/ http://www.infosecurity-magazine.com/view/32946/dell-secureworks-launches-cybersecurity-incident-response-center/ Looking to help companies prepare for and combat the aftermath of a cybersecurity incident or data breach, Dell SecureWorks has launched an Incident Response Resource Center to bring together research materials, white papers, videos and webcasts, and tools from its Emergency Incident Response and Digital Forensic services, into a common online portal. Fri, 14 Jun 2013 14:16:00 GMT http://www.infosecurity-magazine.com/view/32946/dell-secureworks-launches-cybersecurity-incident-response-center/ http://www.infosecurity-magazine.com/view/32944/sweden-effectively-bans-government-use-of-google/ An announcement from the Swedish Information Commissioner enjoins Salem Municipality ‘to either remedy the shortcomings of the agreement [to use Google’s cloud services] or to stop using the cloud service.’ Fri, 14 Jun 2013 10:32:00 GMT http://www.infosecurity-magazine.com/view/32944/sweden-effectively-bans-government-use-of-google/ http://www.infosecurity-magazine.com/view/32937/cyberpolicy-woes-onefifth-of-workers-dont-alert-it-to-byod-use/ Despite increased focus on the security holes that bring-your-own-device (BYOD) strategies and the consumerization of IT present within the enterprise, research from AppSense has revealed that the threat to corporate IT security hasn't really abated at all – especially with consumers circumventing IT altogether in some cases when it comes to mobile working. Fri, 14 Jun 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32937/cyberpolicy-woes-onefifth-of-workers-dont-alert-it-to-byod-use/ http://www.infosecurity-magazine.com/view/32938/blackberry-patches-byod-adobe-flash-flaws-for-z10-and-playbook/ BlackBerry released two security bulletins this week, one of which addresses Adobe Flash flaws in the software for the Blackberry Playbook tablet and Blackberry Z10 touchscreen smartphone. Thu, 13 Jun 2013 20:00:00 GMT http://www.infosecurity-magazine.com/view/32938/blackberry-patches-byod-adobe-flash-flaws-for-z10-and-playbook/ http://www.infosecurity-magazine.com/view/32936/microsoft-cloud-adoption-bolsters-security-for-smbs/ Although the mention of “cloud services” tends to strike security fears into the hearts of IT administrators, perceptions of the cloud held by nonusers directly contrast with the real experiences of cloud adopters, according to a new Microsoft study of small and midsize businesses (SMBs) in the US. Thu, 13 Jun 2013 19:34:00 GMT http://www.infosecurity-magazine.com/view/32936/microsoft-cloud-adoption-bolsters-security-for-smbs/ http://www.infosecurity-magazine.com/view/32927/zeus-is-hiring-money-mules-just-get-infected-first/ For cyber criminals, Zeus is the complete package: not only will it steal your money, it now helps the gangs recruit the money mules to get stolen money out of the country and into their own accounts. Thu, 13 Jun 2013 11:47:00 GMT http://www.infosecurity-magazine.com/view/32927/zeus-is-hiring-money-mules-just-get-infected-first/ http://www.infosecurity-magazine.com/view/32925/flaw-leading-to-denial-of-service-found-in-the-latest-wordpress/ A Polish security researcher has found a flaw in the latest version of WordPress, version 3.5.1. He reported it to WordPress, but with no response after 7 days he went public. Thu, 13 Jun 2013 10:26:00 GMT http://www.infosecurity-magazine.com/view/32925/flaw-leading-to-denial-of-service-found-in-the-latest-wordpress/ http://www.infosecurity-magazine.com/view/32920/latest-flash-and-air-update-closes-one-critical-hole/ Coordinated with Microsoft's Patch Tuesday monthly security updates, Adobe has released a single security bulletin for June. Thu, 13 Jun 2013 08:00:00 GMT http://www.infosecurity-magazine.com/view/32920/latest-flash-and-air-update-closes-one-critical-hole/ http://www.infosecurity-magazine.com/view/32919/gartner-analysts-drop-the-bomb-on-cyberwar-hysteria/ In a talk this week’s Gartner Security and Risk Management Summit near Washington DC, two industry analysts from Gartner examined the hype and reality behind the idea of ‘cyberwar’ – defining what it is, what it is not, and what organizations should do to prepare. Wed, 12 Jun 2013 19:53:00 GMT http://www.infosecurity-magazine.com/view/32919/gartner-analysts-drop-the-bomb-on-cyberwar-hysteria/ http://www.infosecurity-magazine.com/view/32907/googles-new-vulnerability-disclosure-timeline-might-be-too-optimistic-for-android/ At the end of May, Google announced that its security engineers would be operating to a new official timeline for the disclosure of vulnerabilities that are being actively exploited. Wed, 12 Jun 2013 13:18:00 GMT http://www.infosecurity-magazine.com/view/32907/googles-new-vulnerability-disclosure-timeline-might-be-too-optimistic-for-android/ http://www.infosecurity-magazine.com/view/32866/mbrwiping-malware-targets-german-victims/ Master boot record wipers have been cropping up lately, most notably in a widespread attack on South Korea media properties. A new MBR-based hack is now targeting German users, who are at risk of having their systems rendered unusable by malware being sent via spam messages. Wed, 12 Jun 2013 11:30:00 GMT http://www.infosecurity-magazine.com/view/32866/mbrwiping-malware-targets-german-victims/ http://www.infosecurity-magazine.com/view/32901/worldwide-reaction-to-nsaprism-surveillance-an-overview/ When the NSA's surveillance program was first revealed by Edward Snowden last week, initial reaction was that it was a US issue. But with the realization that the greater part of the world's internet traffic is at some point routed via the US, the worldwide ramifications are becoming better understood and questioned. Wed, 12 Jun 2013 11:22:00 GMT http://www.infosecurity-magazine.com/view/32901/worldwide-reaction-to-nsaprism-surveillance-an-overview/ http://www.infosecurity-magazine.com/view/32897/cisco-launches-platform-exchange-grid-/ A mantra for modern security is defense in depth, or the onion: multiple, overlapping layers of security. But achieving the onion is not as easy as describing it. Cisco believes it has the solution with a new Platform Exchange Grid (pxGrid) to provide context sharing between products within networks. Wed, 12 Jun 2013 08:23:00 GMT http://www.infosecurity-magazine.com/view/32897/cisco-launches-platform-exchange-grid-/ http://www.infosecurity-magazine.com/view/32865/keyboy-backdoor-targets-attacks-to-vietnam-india/ Researchers at Rapid7 have uncovered two specific attacks using a new backdoor malware targeting victims in Vietnam and in India. The security company has dubbed the threat KeyBoy after a string present in one of the samples. Tue, 11 Jun 2013 19:30:00 GMT http://www.infosecurity-magazine.com/view/32865/keyboy-backdoor-targets-attacks-to-vietnam-india/ http://www.infosecurity-magazine.com/view/32896/hampered-by-image-problems-ciso-roles-require-transformative-approach/ By examining how IT and information security have adapted over time, Gartner analyst Paul Proctor explained why CISOs and risk management professionals must change their roles from “defenders” to that of risk assessment advisers to grapple with future threats – and save their own reputations. Tue, 11 Jun 2013 19:23:00 GMT http://www.infosecurity-magazine.com/view/32896/hampered-by-image-problems-ciso-roles-require-transformative-approach/ http://www.infosecurity-magazine.com/view/32864/unchecked-admin-rights-a-top-threat-to-enterprises/ While IT security professionals recognize the threat posed by unwitting employees, many still admit to allowing administrative privileges to go unmanaged, making organizations increasingly vulnerable to malware exploits and unauthorized software, according to a survey by Avecto. Tue, 11 Jun 2013 16:45:00 GMT http://www.infosecurity-magazine.com/view/32864/unchecked-admin-rights-a-top-threat-to-enterprises/ http://www.infosecurity-magazine.com/view/32895/new-version-of-zbotzeus-found-in-the-wild/ You cannot teach an old dog new tricks, says the old saying. Maybe you can, suggest security researchers after discovering a new self-propagating Zbot variant in the wild. Tue, 11 Jun 2013 16:34:00 GMT http://www.infosecurity-magazine.com/view/32895/new-version-of-zbotzeus-found-in-the-wild/ http://www.infosecurity-magazine.com/view/32889/pirate-bay-founder-wanted-for-danish-hack/ Gottfrid Svartholm, one of the original founders of The Pirate Bay and currently awaiting a verdict for the hack of Logica in Sweden, is now wanted for another hack in Denmark: this time on CSC. Tue, 11 Jun 2013 15:18:00 GMT http://www.infosecurity-magazine.com/view/32889/pirate-bay-founder-wanted-for-danish-hack/ http://www.infosecurity-magazine.com/view/32869/the-eus-hacker-legislation-mirrors-the-us-computer-fraud-and-abuse-act/ “This directive,” says rapporteur Monika Hohlmeier, “introduces much-needed common rules for criminal law penalties, and also aims to facilitate joint measures to prevent attacks and foster information exchange among competent authorities.” Tue, 11 Jun 2013 10:29:00 GMT http://www.infosecurity-magazine.com/view/32869/the-eus-hacker-legislation-mirrors-the-us-computer-fraud-and-abuse-act/ http://www.infosecurity-magazine.com/view/32862/car-thieves-found-using-handheld-fobs-to-hack-automatic-car-locks-/ A mystery technology is allowing car thieves to pop open automatic car locks over the air using a hand-held device – but police have no idea how they’re managing to do it. Mon, 10 Jun 2013 19:00:00 GMT http://www.infosecurity-magazine.com/view/32862/car-thieves-found-using-handheld-fobs-to-hack-automatic-car-locks-/ http://www.infosecurity-magazine.com/view/32861/91-of-mobile-apps-expose-personal-information/ Mobile cyber-threats are increasingly on the rise, not only in the form of malware but also just lax security guards within applications. Veracode conducted an analysis of the most popular mobile applications used within enterprises and found that many of these apps access confidential and sometimes personal data on the mobile device and expose sensitive information to unknown parties. Mon, 10 Jun 2013 18:16:00 GMT http://www.infosecurity-magazine.com/view/32861/91-of-mobile-apps-expose-personal-information/ http://www.infosecurity-magazine.com/view/32860/isc-develops-cyberforensics-certification/ (ISC)² has developed a new certification, the Certified Cyber Forensics Professional (CCFPSM), meant to create a global standard for assessing the expertise of digital forensics professionals. Mon, 10 Jun 2013 17:49:00 GMT http://www.infosecurity-magazine.com/view/32860/isc-develops-cyberforensics-certification/ http://www.infosecurity-magazine.com/view/32858/technical-skills-not-important-for-future-cisos-declares-forrester-/ In a session titled ‘Becoming the Future CISO’ at the Forrester Forum for CIO’s in London, England, June 6 2013, Andrew Rose declared the current role of CISO a dying breed. Mon, 10 Jun 2013 16:31:00 GMT http://www.infosecurity-magazine.com/view/32858/technical-skills-not-important-for-future-cisos-declares-forrester-/ http://www.infosecurity-magazine.com/view/32842/nsa-whistleblower-outs-himself-and-skips-to-hong-kong/ While the world waited on what steps the US administration would take to identify last week’s whistleblower on the NSA’s surveillance operations, Edward Snowden outed himself from Hong Kong, where he has been since 20 May. Mon, 10 Jun 2013 12:19:00 GMT http://www.infosecurity-magazine.com/view/32842/nsa-whistleblower-outs-himself-and-skips-to-hong-kong/ http://www.infosecurity-magazine.com/view/32840/cesg-publishes-identity-proofing-guidelines/ Access management is designed to allow only authorized digital identities to gain access to a system. But a digital identity is nothing more than “a collection of attributes that uniquely define a person or organization.” Proofing is the process of ensuring that those attributes belong to the genuine applicant. Mon, 10 Jun 2013 11:19:00 GMT http://www.infosecurity-magazine.com/view/32840/cesg-publishes-identity-proofing-guidelines/ http://www.infosecurity-magazine.com/view/32836/ponemon-study-management-operations-talk-different-languages/ A new study of attitudes towards risk-based security shows a marked difference in approach between management and operations: to one it is an art, to the other a science. Mon, 10 Jun 2013 08:23:00 GMT http://www.infosecurity-magazine.com/view/32836/ponemon-study-management-operations-talk-different-languages/ http://www.infosecurity-magazine.com/view/32835/operation-prism-nsa-and-fbi-monitoring-activity-at-facebook-apple-google-and-other-tech-firms/ It’s a potential publicity bomb that has yet to explode, apparently, but the Washington Post and the Guardian are reporting that both the US and the UK governments have been engaged in ongoing data collection of private information from web services, with the support of top tech companies, in an foreign intelligence effort code-named Operation PRISM. Fri, 07 Jun 2013 19:48:00 GMT http://www.infosecurity-magazine.com/view/32835/operation-prism-nsa-and-fbi-monitoring-activity-at-facebook-apple-google-and-other-tech-firms/ http://www.infosecurity-magazine.com/view/32834/officials-chinese-hackers-launched-espionage-effort-against-2008-presidential-campaign/ As a two-day summit between US President Barack Obama and Chinese President Xi Jinping gets underway, US intelligence officials have told NBC News that China-backed hackers mounted a massive espionage effort to lift information from the 2008 presidential campaigns of Obama and Sen. John McCain. Fri, 07 Jun 2013 19:14:00 GMT http://www.infosecurity-magazine.com/view/32834/officials-chinese-hackers-launched-espionage-effort-against-2008-presidential-campaign/ http://www.infosecurity-magazine.com/view/32833/google-targets-crosssite-scripting-by-more-than-doubling-bug-bounties/ In a move geared to keep up with the ever-changing online threat landscape, Google has increased its reward levels for researchers that uncover flaws. In particular, Google has its sights set on cross-site scripting. Fri, 07 Jun 2013 18:59:00 GMT http://www.infosecurity-magazine.com/view/32833/google-targets-crosssite-scripting-by-more-than-doubling-bug-bounties/ http://www.infosecurity-magazine.com/view/32823/patch-tuesday-preview-june-2013/ There are only five security bulletins from Microsoft this month, but with one involving versions of Internet Explorer from 6 to 10, and another involving an actively exploited Office vulnerability, administrators cannot afford to delay implementation. Fri, 07 Jun 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32823/patch-tuesday-preview-june-2013/ http://www.infosecurity-magazine.com/view/32822/new-schools-competition-launched-by-cyber-security-challenge-uk/ With Brian Higgins, formerly of the Serious Organized Crime Agency (SOCA) as the first Schools Programme Manager, Cyber Security Challenge UK, the Cabinet Office and industry sponsors have joined forces to bring code breaking into schools. Fri, 07 Jun 2013 11:40:00 GMT http://www.infosecurity-magazine.com/view/32822/new-schools-competition-launched-by-cyber-security-challenge-uk/ http://www.infosecurity-magazine.com/view/32810/chinas-huawei-and-the-uks-critical-national-infrastructure/ The UK’s Intelligence and Security Committee has published a report, not on whether Huawei should be allowed to supply the critical national infrastructure, but how it was allowed to do so in contracts dating back to 2005. Fri, 07 Jun 2013 10:21:00 GMT http://www.infosecurity-magazine.com/view/32810/chinas-huawei-and-the-uks-critical-national-infrastructure/ http://www.infosecurity-magazine.com/view/32807/adware-the-most-pervasive-mobile-threat/ A new examination of mobile threat data from the Lookout Platform in five countries has found that threats to consumers run the gamut, from annoying to extremely invasive. The study has uncovered that adware and malware threats like spyware, surveillanceware and trojans are in particular proliferating. Thu, 06 Jun 2013 19:52:00 GMT http://www.infosecurity-magazine.com/view/32807/adware-the-most-pervasive-mobile-threat/ http://www.infosecurity-magazine.com/view/32806/congress-looks-to-punish-statesponsored-hacker-spies/ A new bipartisan bill will aim to punish foreign day backed by China, Russia and other nation-states by freezing their assets and deporting them out of the US. Thu, 06 Jun 2013 19:28:00 GMT http://www.infosecurity-magazine.com/view/32806/congress-looks-to-punish-statesponsored-hacker-spies/ http://www.infosecurity-magazine.com/view/32805/connected-tvs-open-up-a-host-of-threat-vectors/ In today’s world, everything from refrigerators to cars are beginning to get “connected” and given the ability to talk to you and to other things via broadband networks. Much of this still seems like science fiction, but when it comes to connected TVs, the concept has already jumped the chasm to the mainstream. And, like anything connected to the internet, smart TVs are turning out to be another threat vector for hackers. Thu, 06 Jun 2013 19:22:00 GMT http://www.infosecurity-magazine.com/view/32805/connected-tvs-open-up-a-host-of-threat-vectors/ http://www.infosecurity-magazine.com/view/32799/ibm-signs-definitive-agreement-to-purchase-softlayer-technologies/ The purchase will allow IBM to expand its provision of private cloud and SaaS services to include public cloud and bare metal data centers – and may be an early sign of convergence between service providers and cloud platforms. Thu, 06 Jun 2013 14:18:00 GMT http://www.infosecurity-magazine.com/view/32799/ibm-signs-definitive-agreement-to-purchase-softlayer-technologies/ http://www.infosecurity-magazine.com/view/32792/microsoft-and-the-fbi-take-down-more-than-1000-citadel-botnets/ Working with the FBI and the financial services industry, Microsoft last week obtained a court order allowing it to cut communications between 1462 Citadel botnets and the millions of infected PCs around the world. Thu, 06 Jun 2013 09:53:00 GMT http://www.infosecurity-magazine.com/view/32792/microsoft-and-the-fbi-take-down-more-than-1000-citadel-botnets/ http://www.infosecurity-magazine.com/view/32791/beyond-orwellian-the-fbi-and-nsa-spy-on-all-americans/ The Guardian newspaper has exposed a Foreign Intelligence Surveillance Court (FISC) ‘top secret’ order requiring Verizon to provide the NSA with all ‘telephony metadata’ for communications within the USA and between the USA and abroad. Thu, 06 Jun 2013 07:54:00 GMT http://www.infosecurity-magazine.com/view/32791/beyond-orwellian-the-fbi-and-nsa-spy-on-all-americans/ http://www.infosecurity-magazine.com/view/32788/nato-admits-to-ongoing-hacking-attempts-sparking-infosharing-discussions/ As European defense ministers headed to Brussels to discuss information-sharing and response plans to help NATO member-nations thwart cyber-attackers, NATO itself dropped a startling statistic: it faced more than 2,500 attempted security breaches in 2012. Wed, 05 Jun 2013 19:41:00 GMT http://www.infosecurity-magazine.com/view/32788/nato-admits-to-ongoing-hacking-attempts-sparking-infosharing-discussions/ http://www.infosecurity-magazine.com/view/32789/secunia-names-new-ceo/ Secunia, the Copenhagen-based provider of security software, announced the appointment of Microsoft’s Peter Colsted as the firm’s new chief executive. Wed, 05 Jun 2013 19:00:00 GMT http://www.infosecurity-magazine.com/view/32789/secunia-names-new-ceo/ http://www.infosecurity-magazine.com/view/32787/twitter-headlines-honor-roll-for-online-trustworthiness/ When it comes to best practices for online security and privacy, it turns out that Twitter shines ahead of the rest of the web behemoths in an audit of 750 top domains carried out by the Online Trust Alliance (OTA). The audit also uncovered big areas for improvement across the internet. Wed, 05 Jun 2013 18:56:00 GMT http://www.infosecurity-magazine.com/view/32787/twitter-headlines-honor-roll-for-online-trustworthiness/ http://www.infosecurity-magazine.com/view/32786/human-error-and-system-glitches-drive-nearly-twothirds-of-data-breaches/ The Ponemon Institute today released the 2013 Cost of Data Breach Study: Global Analysis which reveals data breaches are often the result of poor processes, and the latest study from Ponemon Institute bears this out: Human errors and system problems caused two-thirds of data breaches in 2012. They also pushed the global average cost to $136 per compromised record. Wed, 05 Jun 2013 18:47:00 GMT http://www.infosecurity-magazine.com/view/32786/human-error-and-system-glitches-drive-nearly-twothirds-of-data-breaches/ http://www.infosecurity-magazine.com/view/32779/the-effect-of-byod-on-information-security/ A new survey outlines the practical experience of IT/security professionals over the increasing use of personal devices within their business environment during the last 12 months. Wed, 05 Jun 2013 12:13:00 GMT http://www.infosecurity-magazine.com/view/32779/the-effect-of-byod-on-information-security/ http://www.infosecurity-magazine.com/view/32776/check-your-antivirus-product-here/ AMTSO has launched a new web service that allows consumers to check whether their anti-virus implementations are adequate to their needs and correctly configured. Wed, 05 Jun 2013 11:56:00 GMT http://www.infosecurity-magazine.com/view/32776/check-your-antivirus-product-here/ http://www.infosecurity-magazine.com/view/32759/the-rising-tide-of-consumerization/ At Dexter House, London, 5-6 June, Ovum will be hosting its third BYOX World Forum. Today Ovum also releases the results of its 2013 multi-market BYOX employee study analyzing the attitudes and habits of more than 4300 employees in 19 different countries. Wed, 05 Jun 2013 10:15:00 GMT http://www.infosecurity-magazine.com/view/32759/the-rising-tide-of-consumerization/ http://www.infosecurity-magazine.com/view/32758/adobe-cso-fixing-vulnerbilities-wont-thwart-hackers/ For commercial software coders looking to thwart cybercriminals, finding and fixing vulnerabilities is all well and good. In reality, though, that approach to product security can be a colossal waste of time and resources, according to Adobe's Brad Arkin. What really makes a difference is mitigation. Tue, 04 Jun 2013 20:19:00 GMT http://www.infosecurity-magazine.com/view/32758/adobe-cso-fixing-vulnerbilities-wont-thwart-hackers/ http://www.infosecurity-magazine.com/view/32757/americans-concerned-about-data-breaches-but-split-on-government-disclosure-regulation/ As the government continues to mull regulations on cybersecurity info-sharing, a survey shows that a majority of Americans (82.1%) are concerned about a data breach involving at least one of five organization types. However, they’re evenly mixed on whether legislation should require private businesses to share cyber-attack information with the government. Tue, 04 Jun 2013 19:44:00 GMT http://www.infosecurity-magazine.com/view/32757/americans-concerned-about-data-breaches-but-split-on-government-disclosure-regulation/ http://www.infosecurity-magazine.com/view/32755/nettraveler-spyware-compromised-1000-political-and-industrial-targets/ The malware behind a widespread cyber-espionage campaign against political and critical industry targets has been called out: NetTraveler, a malicious program used for covert computer surveillance, has successfully compromised at least 350 high-profile victims in 40 countries, with the total likely closer to 1,000. Tue, 04 Jun 2013 19:22:00 GMT http://www.infosecurity-magazine.com/view/32755/nettraveler-spyware-compromised-1000-political-and-industrial-targets/ http://www.infosecurity-magazine.com/view/32748/new-smartphone-chip-solves-the-mobile-digital-rights-management-problem/ ARM, the British chip manufacturer that dominates the world's smartphones, is making it more attractive for high-value video content producers (Hollywood studios) to make HD films available on smartphones. Tue, 04 Jun 2013 15:15:00 GMT http://www.infosecurity-magazine.com/view/32748/new-smartphone-chip-solves-the-mobile-digital-rights-management-problem/ http://www.infosecurity-magazine.com/view/32744/be-careful-where-you-get-your-apple-ios7-news-it-may-be-a-phish/ Security researchers have discovered a new phishing website ‘under construction’; one designed to take advantage of rapidly growing iOS7-mania. Tue, 04 Jun 2013 12:26:00 GMT http://www.infosecurity-magazine.com/view/32744/be-careful-where-you-get-your-apple-ios7-news-it-may-be-a-phish/ http://www.infosecurity-magazine.com/view/32735/older-cyberthreats-return-stronger-and-more-dangerous/ Cybercriminals are becoming much more savvy, developing new malware approaches and evolving old ones. In fact, many of the threats uncovered as growing in Q1 by McAfee’s latest Quarterly Threats Report are actually older concerns that have been dormant for a while and now have returned. But while this “retro-ware” may harken back to an earlier time, it is now being deployed in more targeted and dangerous fashion than before. Tue, 04 Jun 2013 11:15:00 GMT http://www.infosecurity-magazine.com/view/32735/older-cyberthreats-return-stronger-and-more-dangerous/ http://www.infosecurity-magazine.com/view/32743/strict-data-protection-rules-will-improve-rather-than-weaken-law-enforcement/ In his Opinion on the EC’s proposed legal framework for Europol, the European Data Protection Supervisor states that strong data protection principles – of the sort that would prevent the UK’s Communications Data Bill – would improve rather than weaken law enforcement. Tue, 04 Jun 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32743/strict-data-protection-rules-will-improve-rather-than-weaken-law-enforcement/ http://www.infosecurity-magazine.com/view/32734/pci-council-gears-up-to-open-project-proposals-for-special-initiatives/ The PCI Security Standards Council (PCI SSC) has kicked off the proposal period for PCI Special Interest Group (SIG) 2014 projects revolving around payment card security standards. Mon, 03 Jun 2013 18:47:00 GMT http://www.infosecurity-magazine.com/view/32734/pci-council-gears-up-to-open-project-proposals-for-special-initiatives/ http://www.infosecurity-magazine.com/view/32733/malicious-charger-can-compromise-iphone-and-ipad-in-under-one-minute/ Security for Apple mobile devices has been looking pretty good in light of the tsunami of Android malware making headlines lately, but a newly discovered hardware vulnerability in the Apple iPhone, iPad and iPod Touch adds new concern when it comes to the iOS platform. Mon, 03 Jun 2013 18:39:00 GMT http://www.infosecurity-magazine.com/view/32733/malicious-charger-can-compromise-iphone-and-ipad-in-under-one-minute/ http://www.infosecurity-magazine.com/view/32719/evernote-beefs-up-security-with-twofactor-verification/ Evernote has become the latest online denizen to roll-out two-step verification for accounts, following a hack that required all 50 million users to reset their passwords. It’s also implemented access history and authorized applications features. Mon, 03 Jun 2013 13:15:00 GMT http://www.infosecurity-magazine.com/view/32719/evernote-beefs-up-security-with-twofactor-verification/ http://www.infosecurity-magazine.com/view/32718/cybercriminals-consider-their-financial-options-postliberty-reserve/ In the wake of a favorite money-laundering service being seized and taken down by the US government, the hacking underworld is mulling what to do next, financially. Mon, 03 Jun 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32718/cybercriminals-consider-their-financial-options-postliberty-reserve/ http://www.infosecurity-magazine.com/view/32726/amazon-cloud-servers-host-data-on-millions-of-school-children-/ inBloom Inc, a company created and funded by the Gates Foundation and using an operating system from Wireless/Amplify (a subsidiary of Rupert Murdoch’s News Corporation) is collecting and storing the personal information of millions of US schoolchildren on Amazon’s cloud servers. Mon, 03 Jun 2013 12:46:00 GMT http://www.infosecurity-magazine.com/view/32726/amazon-cloud-servers-host-data-on-millions-of-school-children-/ http://www.infosecurity-magazine.com/view/32724/google-wont-approve-facial-recognition-for-glass/ No facial recognition for Google Glass yet – at least not through the front door - "without having strong privacy protections in place" confirmed Google in a brief Google+ statement Friday.” Mon, 03 Jun 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32724/google-wont-approve-facial-recognition-for-glass/ http://www.infosecurity-magazine.com/view/32720/google-must-comply-with-nsls-says-judge/ A company, assumed to be Google, had challenged the legality of 19 National Security Letters demanding account information on its users; but a judge last week ruled that it must comply. Mon, 03 Jun 2013 07:47:00 GMT http://www.infosecurity-magazine.com/view/32720/google-must-comply-with-nsls-says-judge/ http://www.infosecurity-magazine.com/view/32717/linkedin-adds-twofactor-authentication/ In the wake of high-profile Twitter and Facebook hackings and about a year after it experienced a password heist, LinkedIn is beefing up its security: it has become the latest web denizen to join the optional two-factor verification fray, and is now offering free trials of security software to users. Fri, 31 May 2013 21:28:00 GMT http://www.infosecurity-magazine.com/view/32717/linkedin-adds-twofactor-authentication/ http://www.infosecurity-magazine.com/view/32705/cisco-challenges-microsofts-acquisition-of-skype/ Cisco has challenged the EC’s approval of Microsoft’s $8.5 billion acquisition of Skype in 2011 in the Luxembourg General Court. If Cisco is successful, the EC would be forced to annul its earlier approval. Fri, 31 May 2013 12:45:00 GMT http://www.infosecurity-magazine.com/view/32705/cisco-challenges-microsofts-acquisition-of-skype/ http://www.infosecurity-magazine.com/view/32704/apples-twofactor-authentication-is-not-very-thorough/ Back in February, Norwegian hackers were raiding teenage girls’ iCloud accounts, downloading photos and offering them for sale. By March, Apple had introduced and started to roll out optional two-factor authentication to improve security. But it’s not that good, reports Elcomsoft. Fri, 31 May 2013 11:36:00 GMT http://www.infosecurity-magazine.com/view/32704/apples-twofactor-authentication-is-not-very-thorough/ http://www.infosecurity-magazine.com/view/32703/ticking-time-bomb-caused-by-alwayson-work-ethic/ The potential for collaboration took a huge step forwards with the rise of BYOD; but the reality of secure collaboration took a huge step backwards. A new State of the Enterprise Information Landscape report shows a ticking time bomb in the enterprise. Fri, 31 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32703/ticking-time-bomb-caused-by-alwayson-work-ethic/ http://www.infosecurity-magazine.com/view/32699/internet-piracy-could-be-fought-with-legalized-ransomware/ Media companies and intellectual property rights holders face piracy issues every day over music, television and film properties, and despite their best litigious efforts, illegal content continues to find its way out to the web. So what’s the MPAA or RIAA to do? According to an 84-page report from the Commission on the Theft of American Intellectual Property, ransomware, hack-backs and spyware may be just the ticket. Thu, 30 May 2013 19:51:00 GMT http://www.infosecurity-magazine.com/view/32699/internet-piracy-could-be-fought-with-legalized-ransomware/ http://www.infosecurity-magazine.com/view/32698/microsoft-unveils-cloudbased-realtime-botnet-infosharing-initiative/ Microsoft has kicked off the Cyber Threat Intelligence Program (C-TIP), an outgrowth of its information-sharing initiative around botnets. Thu, 30 May 2013 19:24:00 GMT http://www.infosecurity-magazine.com/view/32698/microsoft-unveils-cloudbased-realtime-botnet-infosharing-initiative/ http://www.infosecurity-magazine.com/view/32697/drupal-hit-by-massive-data-breach/ Drupal, the open source content management system, is resetting the passwords for nearly one million accounts in the wake of a data breach. Thu, 30 May 2013 18:54:00 GMT http://www.infosecurity-magazine.com/view/32697/drupal-hit-by-massive-data-breach/ http://www.infosecurity-magazine.com/view/32672/mcafee-overhauls-its-malware-protection-approach/ Geared with an eye to the escalating sophistication of malware, McAfee is rolling out a new approach to threat protection, using rootkit protection based on hardware-enhanced security jointly developed by Intel and McAfee, dynamic whitelisting, risk intelligence and real-time security management. Thu, 30 May 2013 14:45:00 GMT http://www.infosecurity-magazine.com/view/32672/mcafee-overhauls-its-malware-protection-approach/ http://www.infosecurity-magazine.com/view/32692/bug-found-in-playstation-3/ If you haven't already upgraded your Playstation 3 firmware from 4.31 to the 4.41 version released at the end of last month, now might be a good time to do so - it fixes a bug found by Vulnerability Lab six months ago. Thu, 30 May 2013 14:42:00 GMT http://www.infosecurity-magazine.com/view/32692/bug-found-in-playstation-3/ http://www.infosecurity-magazine.com/view/32680/53-uk-population-concerned-about-nationstate-cyber-attacks/ A new survey of attitudes aiming to illustrate consumer awareness of the privacy and security implications of cyber attacks indicates a high concern among the British public over the specific danger of nation-sponsored attacks – effectively cyber war. Thu, 30 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32680/53-uk-population-concerned-about-nationstate-cyber-attacks/ http://www.infosecurity-magazine.com/view/32677/ecs-proposed-general-data-protection-regulation-is-struggling/ The GDPR was designed to bring tough new standardized data protection regulations across Europe; but intensive lobbying, and thousands of proposed amendments has left it struggling for survival. Thu, 30 May 2013 07:56:00 GMT http://www.infosecurity-magazine.com/view/32677/ecs-proposed-general-data-protection-regulation-is-struggling/ http://www.infosecurity-magazine.com/view/32671/ruby-on-rails-exploit-shows-up-in-the-wild/ A Ruby on Rails exploit of a known vulnerability has been found operating in the wild, researchers say, and is hard at work setting up an IRC bot. Wed, 29 May 2013 19:53:00 GMT http://www.infosecurity-magazine.com/view/32671/ruby-on-rails-exploit-shows-up-in-the-wild/ http://www.infosecurity-magazine.com/view/32670/feds-bust-international-moneylaundering-hub-for-hackers/ A Costa Rican money-transfer company known as Liberty Reserve has been uncovered as one of the largest money-laundering operations in history, allegedly offering virtual currency transactions and a safe haven for cybercriminals of all stripes. Wed, 29 May 2013 19:36:00 GMT http://www.infosecurity-magazine.com/view/32670/feds-bust-international-moneylaundering-hub-for-hackers/ http://www.infosecurity-magazine.com/view/32649/the-virtual-global-task-force-report-on-online-child-pornography/ Online child pornography, rather than child sexual abuse, may be a useful distinction to help prevent online offenders developing into physical abusers – thought to be a potential rather than inevitable progression. Wed, 29 May 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32649/the-virtual-global-task-force-report-on-online-child-pornography/