http://www.infosecurity-magazine.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Sat, 18 May 2013 15:26:59 GMT http://www.infosecurity-magazine.com/ http://www.infosecurity-magazine.com/_common/img/template/infosec-uk/site-logo.gif http://www.infosecurity-magazine.com/view/32495/apple-fixes-41-flaws-in-itunes/ Apple has patched 41 vulnerabilities in iTunes with version 11.0.3 of the digital store for OS X and Windows, including the one that Pinkie Pie rode to a $60,000 prize in the Google Pwnium 2 hackathon. Fri, 17 May 2013 19:53:00 GMT http://www.infosecurity-magazine.com/view/32495/apple-fixes-41-flaws-in-itunes/ http://www.infosecurity-magazine.com/view/32494/syrian-activists-hack-financial-times-twitter-feed-time-for-new-password-approaches/ The Syrian Electronic Army is continuing its campaign to highjack the Twitter accounts of high-profile media outlets, with the Financial Times becoming its latest victim. Fri, 17 May 2013 19:46:00 GMT http://www.infosecurity-magazine.com/view/32494/syrian-activists-hack-financial-times-twitter-feed-time-for-new-password-approaches/ http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/ Rep. Hank Johnson, D-Ga, has introduced the bipartisan Application Privacy, Protection and Security (APPS) Act of 2013 (H.R. 1913). Its purpose is to require app developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect. Fri, 17 May 2013 12:52:00 GMT http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/ http://www.infosecurity-magazine.com/view/32478/indian-malware-campaign-targeting-pakistan-uncovered/ A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India and seems primarily to target Pakistan with data-stealing malware. Fri, 17 May 2013 11:35:00 GMT http://www.infosecurity-magazine.com/view/32478/indian-malware-campaign-targeting-pakistan-uncovered/ http://www.infosecurity-magazine.com/view/32473/new-mac-malware-discovered-live-on-stage/ Proving that not all demonstrations are staged, a previously unknown Mac backdoor was discovered during a live presentation at the Oslo Freedom Forum earlier this week. Fri, 17 May 2013 10:22:00 GMT http://www.infosecurity-magazine.com/view/32473/new-mac-malware-discovered-live-on-stage/ http://www.infosecurity-magazine.com/view/32469/dhs-critical-infrastructure-threats-up-68-in-2012/ Critical infrastructure threats are up significantly according to US officials – a worrying state of affairs that spans a wide range of threat vectors and potential participants. Thu, 16 May 2013 22:00:00 GMT http://www.infosecurity-magazine.com/view/32469/dhs-critical-infrastructure-threats-up-68-in-2012/ http://www.infosecurity-magazine.com/view/32470/cloud-security-readiness-tool-results-show-overwhelming-lack-of-maturity-/ Since its launch in October 2012, 5,700 people have used the Microsoft Cloud Security Readiness Tool (CSRT). The tool asks 27 questions regarding the current state of an organisation’s security posture and cloud readiness. The results have been anonymised and analysed, and the overarching conclusion is that most organisations are relatively immature across almost all control areas represented by the CSRT. Thu, 16 May 2013 21:37:00 GMT http://www.infosecurity-magazine.com/view/32470/cloud-security-readiness-tool-results-show-overwhelming-lack-of-maturity-/ http://www.infosecurity-magazine.com/view/32468/barracuda-ups-secure-storage-capacity-to-15gb/ Barracuda Networks, eyeing Google’s move to unify storage across its products, has increased the amount of free cloud storage for its own Copy online file syncing users, from 5GB to 15GB. Thu, 16 May 2013 19:00:00 GMT http://www.infosecurity-magazine.com/view/32468/barracuda-ups-secure-storage-capacity-to-15gb/ http://www.infosecurity-magazine.com/view/32467/eu-may-consider-hackback-legislation/ The European Union could soon consider a proposal that would give law enforcement the ability to engage in “offensive hacking,” i.e., compromise private infrastructure and systems to gather information via spyware, delete data or even take servers offline completely when there is probable cause to suspect cybercriminal activity. Thu, 16 May 2013 18:46:00 GMT http://www.infosecurity-magazine.com/view/32467/eu-may-consider-hackback-legislation/ http://www.infosecurity-magazine.com/view/32455/did-stuxnet-help-rather-than-hinder-irans-nuclear-program/ Stuxnet is often cited as history’s first true cyber weapon. By common consensus it was developed and used by the US and Israel to successfully disrupt Iran’s nuclear program – but a new report questions its success. Thu, 16 May 2013 13:26:00 GMT http://www.infosecurity-magazine.com/view/32455/did-stuxnet-help-rather-than-hinder-irans-nuclear-program/ http://www.infosecurity-magazine.com/view/32453/ciso-chief-infosec-scapegoat-officer/ CISOs are often the first victim following a major security breach. Given the prevalence of such breaches, the average tenure of a CISO is now just 18 months; and this is likely to worsen if corporate security doesn’t improve. Thu, 16 May 2013 11:51:00 GMT http://www.infosecurity-magazine.com/view/32453/ciso-chief-infosec-scapegoat-officer/ http://www.infosecurity-magazine.com/view/32447/enhanced-and-advanced-pushdo-botnet-is-back/ Pushdo, one of the more enduring and resilient botnets, has already survived four takedowns in five years. Now a new variant with new evasion techniques has been detected. Thu, 16 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32447/enhanced-and-advanced-pushdo-botnet-is-back/ http://www.infosecurity-magazine.com/view/32445/twitter-uses-automation-to-improve-security-/ The Twitter product security team are improving the security of their code by adopting more security automation. Thu, 16 May 2013 07:00:00 GMT http://www.infosecurity-magazine.com/view/32445/twitter-uses-automation-to-improve-security-/ http://www.infosecurity-magazine.com/view/32444/lulzsec-pirates-plead-guilty-to-hacking-/ Four LulzSec members who claim to be "latter-day pirates" have plead guilty to hacking charges and compromising millions of people's information. Wed, 15 May 2013 20:27:00 GMT http://www.infosecurity-magazine.com/view/32444/lulzsec-pirates-plead-guilty-to-hacking-/ http://www.infosecurity-magazine.com/view/32443/gamechanger-android-malware-moves-beyond-apps/ Android malware authors have officially turned the complexity corner, according to an analysis of mobile malware for the first quarter of 2013. The size and scope of the Android threatscape is evolving, adding new tactics and advanced approaches that extend beyond malicious applications. Wed, 15 May 2013 19:56:00 GMT http://www.infosecurity-magazine.com/view/32443/gamechanger-android-malware-moves-beyond-apps/ http://www.infosecurity-magazine.com/view/32442/industry-groups-join-forces-on-smart-fare-security-for-public-transportation/ Smart ticketing and electronic fare sales for public transportion may not seem an obvious target for a cyber-crook at first glance, but when you consider all the credit card transactions and contactless payments flying around, e-security emerges as a big concern, particularly when it comes to the cards themselves. Wed, 15 May 2013 19:43:00 GMT http://www.infosecurity-magazine.com/view/32442/industry-groups-join-forces-on-smart-fare-security-for-public-transportation/ http://www.infosecurity-magazine.com/view/32434/why-is-microsoft-reading-users-skype-messages/ Heise Security published a suggestion that Microsoft is reading users’ Skype messages, but Microsoft maintains automated scanning is used to identify suspected spam and phishing links. Wed, 15 May 2013 15:44:00 GMT http://www.infosecurity-magazine.com/view/32434/why-is-microsoft-reading-users-skype-messages/ http://www.infosecurity-magazine.com/view/32419/more-than-13000-visitors-attended-infosecurity-europe-2013/ Infosecurity Europe has released basic figures on last month’s eighteenth annual exhibition and conference: pre-ABC audit figures show a 6% increase in visitors over 2012 to 13,200, with more than 70 new exhibitors. Wed, 15 May 2013 12:15:00 GMT http://www.infosecurity-magazine.com/view/32419/more-than-13000-visitors-attended-infosecurity-europe-2013/ http://www.infosecurity-magazine.com/view/32417/browsers-ability-to-block-malware-downloads-analyzed-and-compared/ The five leading browsers – Chrome, Firefox, Internet Explorer, Safari and Opera – were tested against 754 samples of real-world malicious software. The results show a marked difference in the browsers’ ability to act as a first line of defense against malware. Wed, 15 May 2013 11:32:00 GMT http://www.infosecurity-magazine.com/view/32417/browsers-ability-to-block-malware-downloads-analyzed-and-compared/ http://www.infosecurity-magazine.com/view/32409/application-vulnerabilities-remain-securitys-biggest-concern/ The latest Global Information Security Workforce Study (GISWS) shows that application vulnerabilities continue to be the biggest concern for security professionals, with 69% of participants indicating it is the number one security threat. Wed, 15 May 2013 09:13:00 GMT http://www.infosecurity-magazine.com/view/32409/application-vulnerabilities-remain-securitys-biggest-concern/ http://www.infosecurity-magazine.com/view/32406/microsofts-lipner-declares-cost-and-lack-of-management-approval-secure-development-roadblocks-/ Cost and lack of support, training, and management approval are the roadblocks standing in the way of secure development, said Steve Lipner, partner director of programme management in Trustworthy Computing Security at Microsoft, in a press conference at Security Development Conference in San Francisco, May 14 2013. Wed, 15 May 2013 02:00:00 GMT http://www.infosecurity-magazine.com/view/32406/microsofts-lipner-declares-cost-and-lack-of-management-approval-secure-development-roadblocks-/ http://www.infosecurity-magazine.com/view/32403/ddosforhire-sevices-turn-to-mainstream-advertising/ DDoS services for hire – so-called “booters” that can be hired to knock, or boot, a website offline – are making their way out of the dark shadow-world of hacker message boards and forums, instead taking payments via PayPal and advertising in mainstream venues like YouTube with handy videos featuring hired actors. Tue, 14 May 2013 20:45:00 GMT http://www.infosecurity-magazine.com/view/32403/ddosforhire-sevices-turn-to-mainstream-advertising/ http://www.infosecurity-magazine.com/view/32405/microsoft-declares-conformity-to-iso-270341-and-scott-charney-calls-for-industry-to-follow-/ Opening the Security Development Conference in San Francisco, May 14 2013, Microsoft’s corporate vice president of Trustworthy Computing, Scott Charney, called for vendors and governments to follow Microsoft’s lead in conforming to the ISO 27034-1 standard. Tue, 14 May 2013 20:39:00 GMT http://www.infosecurity-magazine.com/view/32405/microsoft-declares-conformity-to-iso-270341-and-scott-charney-calls-for-industry-to-follow-/ http://www.infosecurity-magazine.com/view/32404/howard-schmidt-announces-safecode-secure-software-development-training/ At the Security Development Conference in San Francisco, Howard Schmidt, executive director, SAFECode, announced that the non-for-profit organization is tackling software development and engineering security with a set of free online training courses, available via on-demand webcasts and covering a range of issues, from preventing SQL injection to avoiding cross-site request forgery. Tue, 14 May 2013 20:13:00 GMT http://www.infosecurity-magazine.com/view/32404/howard-schmidt-announces-safecode-secure-software-development-training/ http://www.infosecurity-magazine.com/view/32402/morrocan-ghosts-web-hosting-hack-opens-up-dozens-of-israeli-targets/ A full 52 Israeli websites were hit this week by a group calling themselves the Moroccan Ghosts. The hacktivists defaced Israeli sites by replacing the homepages with political propaganda pages and played Moroccan music over the images. Tue, 14 May 2013 19:33:00 GMT http://www.infosecurity-magazine.com/view/32402/morrocan-ghosts-web-hosting-hack-opens-up-dozens-of-israeli-targets/ http://www.infosecurity-magazine.com/view/32401/video-interview-off-the-shelf-cyber-threats-increasingly-complicate-the-security-landscape/ IBM's Tom Turner talks to Drew Amorosi, deputy editor of Infosecurity magazine, at the recent Infosecurity Europe conference in London. Tue, 14 May 2013 18:48:00 GMT http://www.infosecurity-magazine.com/view/32401/video-interview-off-the-shelf-cyber-threats-increasingly-complicate-the-security-landscape/ http://www.infosecurity-magazine.com/view/32383/ico-publishes-confused-and-confusing-report-on-gdpr/ The EC has proposed a standardized General Data Protection Regulation (GDPR) across Europe, claiming it will save business £billions. The UK says it will cost business £millions. The ICO commissioned London Economics to find out who is right. Tue, 14 May 2013 13:54:00 GMT http://www.infosecurity-magazine.com/view/32383/ico-publishes-confused-and-confusing-report-on-gdpr/ http://www.infosecurity-magazine.com/view/32374/judge-allows-redacted-disclosure-of-reddit-cofounders-documents/ The US government and MIT/JSTOR had agreed that documents concerning the prosecution of Aaron Swartz could, in part, be made public. The Swartz estate asked for the documents in full. The court has denied the estate and allowed the government and MIT/JSTOR to redact certain information. Tue, 14 May 2013 11:54:00 GMT http://www.infosecurity-magazine.com/view/32374/judge-allows-redacted-disclosure-of-reddit-cofounders-documents/ http://www.infosecurity-magazine.com/view/32369/mideast-sabotage-threats-target-us-energy-sector/ A new crop of Mideast-originated cyberattacks are targeting the American energy sector, with the intent of sabotage, not just espionage. Mon, 13 May 2013 19:57:00 GMT http://www.infosecurity-magazine.com/view/32369/mideast-sabotage-threats-target-us-energy-sector/ http://www.infosecurity-magazine.com/view/32368/consumers-still-ignoring-malware-protection-/ As many as 58.2 million American adults had at least one malware infection that affected their home PCs’ features or performance in the past year – a fact that collectively cost nearly $4 billion for repairs. Mon, 13 May 2013 19:28:00 GMT http://www.infosecurity-magazine.com/view/32368/consumers-still-ignoring-malware-protection-/ http://www.infosecurity-magazine.com/view/32367/carwrapper-scam-claiming-more-victims-via-email/ A long-running spam campaign offering money in return for consumers helping to advertise an array of products with “car wrappers” is gathering steam of late, thanks to its plausible premise. Mon, 13 May 2013 19:24:00 GMT http://www.infosecurity-magazine.com/view/32367/carwrapper-scam-claiming-more-victims-via-email/ http://www.infosecurity-magazine.com/view/32364/surveillance-software-targeted-britishbahraini-citizen/ A witness statement filed in the high court London claims that Gamma International’s FinFisher (FinSpy) covert surveillance software targeted the computer of a leading Bahraini activist who holds dual British and Bahraini citizenship. Mon, 13 May 2013 16:16:00 GMT http://www.infosecurity-magazine.com/view/32364/surveillance-software-targeted-britishbahraini-citizen/ http://www.infosecurity-magazine.com/view/32365/video-interview-isc-broadens-certification-offerings-to-forensics-and-cloud-security/ Deputy editor of Infosecurity magazine, Drew Amorosi, talks to (ISC)²'s new chief operating officer at Infosecurity Europe 2013. Mon, 13 May 2013 16:00:00 GMT http://www.infosecurity-magazine.com/view/32365/video-interview-isc-broadens-certification-offerings-to-forensics-and-cloud-security/ http://www.infosecurity-magazine.com/view/32358/telecom-fraud-a-chinese-variant-on-the-police-trojan-explained/ Fraud is big business in China. Last year there were more than 170,000 cases causing losses of more than $12.5 billion. New evidence suggests this might be getting worse with increasingly sophisticated cyber fraud. Mon, 13 May 2013 12:46:00 GMT http://www.infosecurity-magazine.com/view/32358/telecom-fraud-a-chinese-variant-on-the-police-trojan-explained/ http://www.infosecurity-magazine.com/view/32353/chrome-and-firefox-extension-hijacks-facebook-accounts/ First discovered in April this year, Trojan:JS/Febipos.A is a malicious browser extension specifically targeting Chrome and Mozilla Firefox and designed to hijack the victim’s Facebook account. Mon, 13 May 2013 10:12:00 GMT http://www.infosecurity-magazine.com/view/32353/chrome-and-firefox-extension-hijacks-facebook-accounts/ http://www.infosecurity-magazine.com/view/32350/snapchats-expired-snaps-are-not-deleted-just-hidden/ Snapchat doesn’t delete expired photos on Android phones – it merely tells the operating system to ignore them. That means they are still available for retrieval with the right forensic software. Mon, 13 May 2013 08:52:00 GMT http://www.infosecurity-magazine.com/view/32350/snapchats-expired-snaps-are-not-deleted-just-hidden/ http://www.infosecurity-magazine.com/view/32348/hackers-looted-45-million-in-global-atm-heist/ A global gang of hackers managed to siphon off $45 million from ATMs thanks to outdated US credit card technology. Fri, 10 May 2013 20:14:00 GMT http://www.infosecurity-magazine.com/view/32348/hackers-looted-45-million-in-global-atm-heist/ http://www.infosecurity-magazine.com/view/32346/almost-half-of-employees-admit-to-bypassing-security-controls/ Security shouldn’t get in the way of doing business and closing sales, but many organizations are wrestling with data protection strategies that block employees' ability to get the information they need to do their jobs. Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. That's breeding apathy, too: 40% admitted that if they were breached no one would notice. Fri, 10 May 2013 19:52:00 GMT http://www.infosecurity-magazine.com/view/32346/almost-half-of-employees-admit-to-bypassing-security-controls/ http://www.infosecurity-magazine.com/view/32345/data-breach-at-washington-state-courts-exposes-info-on-1-million-people/ Attackers exploiting Adobe’s ColdFusion app server made off with 160,000 Social Security numbers, and gained access to the driver’s license numbers and names of up to 1 million people logged in the Washington State court system in a data breach that was recorded over February and March. Fri, 10 May 2013 19:34:00 GMT http://www.infosecurity-magazine.com/view/32345/data-breach-at-washington-state-courts-exposes-info-on-1-million-people/ http://www.infosecurity-magazine.com/view/32339/video-interview-unpatched-vulnerabilities-remain-a-primary-security-challenge/ Eleanor Dallaway, editor of Infosecurity magazine, interviews Mark Raeburn of Context Information Security at Infosecurity Europe 2013 in London. Fri, 10 May 2013 15:29:00 GMT http://www.infosecurity-magazine.com/view/32339/video-interview-unpatched-vulnerabilities-remain-a-primary-security-challenge/ http://www.infosecurity-magazine.com/view/32336/chrome-extension-briefly-allows-drmfree-downloads-from-spotify-encryption-may-not-be-the-answer-/ A Chrome extension called Downloadify allowed DRM-free downloads from Spotify’s library of 20 million songs before remedial action by Spotify and withdrawal from the Chrome store by Google. Fri, 10 May 2013 13:43:00 GMT http://www.infosecurity-magazine.com/view/32336/chrome-extension-briefly-allows-drmfree-downloads-from-spotify-encryption-may-not-be-the-answer-/ http://www.infosecurity-magazine.com/view/32331/may-2013-patch-tuesday-preview/ Next week’s Microsoft patch releases will comprise 10 bulletins: 2 critical and 8 important. The two critical updates involve Internet Explorer and are thought to fix the vulnerabilities used in the recent Labor Department water-hole attack, and the successful attack employed at Pwn2Own earlier this year. Fri, 10 May 2013 11:18:00 GMT http://www.infosecurity-magazine.com/view/32331/may-2013-patch-tuesday-preview/ http://www.infosecurity-magazine.com/view/32326/video-interview-cyber-battles-more-important-than-cyber-war/ Drew Amorosi, deputy editor of Infosecurity magazine, interviews Canon Europe's director of information security at Infosecurity Europe 2013. Fri, 10 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32326/video-interview-cyber-battles-more-important-than-cyber-war/ http://www.infosecurity-magazine.com/view/32325/privileged-account-insecurity-opens-door-wide-to-apts/ Despite high-profile warnings by security researchers, a majority of organizations are failing to enact recommended best practice security policies around one of the primary targets of advanced attacks – privileged accounts. Thu, 09 May 2013 19:40:00 GMT http://www.infosecurity-magazine.com/view/32325/privileged-account-insecurity-opens-door-wide-to-apts/ http://www.infosecurity-magazine.com/view/32324/despite-widespread-adoption-companies-fail-to-implement-byod-policy/ As the influx of personal mobile devices into the workplace continues apace, a new survey shows that security is both the top concern and top measure for success for enterprises implementing bring-your-own-device (BYOD) programs. Thu, 09 May 2013 19:21:00 GMT http://www.infosecurity-magazine.com/view/32324/despite-widespread-adoption-companies-fail-to-implement-byod-policy/ http://www.infosecurity-magazine.com/view/32323/iso-approves-ediscovery-standards-development/ The International Organisation for Standardisation has given its final approval for the development of an international standard for the discovery of electronically stored information (ESI), aimed at giving greater credibility to digital evidence in legal matters and forensics through the implementation of a secure framework and guidelines for the process. Thu, 09 May 2013 19:16:00 GMT http://www.infosecurity-magazine.com/view/32323/iso-approves-ediscovery-standards-development/ http://www.infosecurity-magazine.com/view/32319/sms-phishing-leads-to-an-advance-fee-spam-scam-across-europe/ A web text phishing scam is spreading across Europe, with users being tricked into allowing thousands of spam text messages to be sent from their accounts – and sometimes resulting in huge phone bills. Thu, 09 May 2013 13:31:00 GMT http://www.infosecurity-magazine.com/view/32319/sms-phishing-leads-to-an-advance-fee-spam-scam-across-europe/ http://www.infosecurity-magazine.com/view/32312/video-interview-web-browsers-responsible-for-majority-of-malware-infections/ Eleanor Dallaway, editor of Infosecurity magazine, sits down with Qualys’ Wolfgang Kandek at the recent Infosecurity Europe conference in London to discuss the information security threat landscape. Thu, 09 May 2013 13:30:00 GMT http://www.infosecurity-magazine.com/view/32312/video-interview-web-browsers-responsible-for-majority-of-malware-infections/ http://www.infosecurity-magazine.com/view/32311/video-interview-experts-discuss-statesponsored-cyber-attacks/ At Infosecurity Europe 2013, Drew Amorosi – deputy editor of Infosecurity – assembled a panel of industry experts to discuss state-sponsored cyber attacks, and the legal frameworks that govern them. Thu, 09 May 2013 12:00:00 GMT http://www.infosecurity-magazine.com/view/32311/video-interview-experts-discuss-statesponsored-cyber-attacks/ http://www.infosecurity-magazine.com/view/32318/75m-university-fund-to-train-cybersecurity-experts-/ Royal Holloway (University of London) and Oxford University have each received funding of almost £4 million to provide new centers for doctoral training (CDT) to address the UK’s national need for cyber security expertise. Thu, 09 May 2013 11:44:00 GMT http://www.infosecurity-magazine.com/view/32318/75m-university-fund-to-train-cybersecurity-experts-/ http://www.infosecurity-magazine.com/view/32314/queens-speech-keeps-the-communications-data-bill-alive/ “In relation to the problem of matching internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace”, says the Queen’s Speech, May 2013. Thu, 09 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32314/queens-speech-keeps-the-communications-data-bill-alive/ http://www.infosecurity-magazine.com/view/32310/data-breaches-loom-in-the-face-of-business-transformation/ The move to cloud applications, ever-present mobility, Big Data and an escalating set of complex cyber-attack vectors and malware are all conspiring to overwhelm security professionals, leaving the door for many businesses wide open to data breaches. Wed, 08 May 2013 20:11:00 GMT http://www.infosecurity-magazine.com/view/32310/data-breaches-loom-in-the-face-of-business-transformation/ http://www.infosecurity-magazine.com/view/32308/senate-introduces-cyberespionage-bill/ As CISPA languishes in the US Senate, likely never to see the light of day in that chamber, a bipartisan group of lawmakers have introduced a different cybersecurity bill aimed at thwarting corporate espionage. Wed, 08 May 2013 19:44:00 GMT http://www.infosecurity-magazine.com/view/32308/senate-introduces-cyberespionage-bill/ http://www.infosecurity-magazine.com/view/32302/fake-av-attack-on-dcarea-media-shows-rise-of-mass-compromises/ Two local Washington DC media outlets – WTOP and sister station Federal News Radio, and the Dvorak Uncensored pundit blog – all became the victims of bad actors looking to make a buck with scareware earlier this week. The stunt is indicative of a rising tide of mass compromises, researchers said. Wed, 08 May 2013 19:22:00 GMT http://www.infosecurity-magazine.com/view/32302/fake-av-attack-on-dcarea-media-shows-rise-of-mass-compromises/ http://www.infosecurity-magazine.com/view/32284/is-it-time-to-dump-antivirus/ If Saturday was Star Wars day (May the Fourth be with you), yesterday was the day the Empire strikes back: Long live endpoint protection! says Trend Micros’s chief technology officer. Wed, 08 May 2013 12:33:00 GMT http://www.infosecurity-magazine.com/view/32284/is-it-time-to-dump-antivirus/ http://www.infosecurity-magazine.com/view/32268/video-interview-challenges-facing-information-security-professionals/ Infosecurity magazine’s Eleanor Dallaway sits down with representatives of ISACA, (ISC)², and the ISSA at the recent Infosecurity Europe conference in London. Wed, 08 May 2013 12:15:00 GMT http://www.infosecurity-magazine.com/view/32268/video-interview-challenges-facing-information-security-professionals/ http://www.infosecurity-magazine.com/view/32265/all-kidding-aside-the-syrian-electronic-army-hacks-the-onion/ The Syrian Electronic Army apparently has a humorous side. Hackers supporting the regime of Syrian president Bashar al-Assad hijacked the Twitter account of The Onion, the well-known parody news website, issuing joke-tastic tweets of their own before The Onion itself struck back, with a series of tweets revolving around impending executions. Wed, 08 May 2013 12:00:00 GMT http://www.infosecurity-magazine.com/view/32265/all-kidding-aside-the-syrian-electronic-army-hacks-the-onion/ http://www.infosecurity-magazine.com/view/32274/syrias-internet-connection-is-turned-offagain/ Syria’s connection to the internet was turned off at 18:48 UTC yesterday. This was done by withdrawing the BGP (Border Gateway Protocol) routes from the country's border routers, making the country’s two TLD servers (ns1.tld.sy and ns2.tld.sy) inaccessible. Mobile connections also seem to be cut. Wed, 08 May 2013 10:45:00 GMT http://www.infosecurity-magazine.com/view/32274/syrias-internet-connection-is-turned-offagain/ http://www.infosecurity-magazine.com/view/32267/video-interview-educating-information-security-professionals/ Infosecurity magazine's Drew Amorosi interviews Kevin Jones of City University London at the recent Infosecurity Europe conference. Wed, 08 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32267/video-interview-educating-information-security-professionals/ http://www.infosecurity-magazine.com/view/32269/is-the-white-house-recruiting-twitters-legal-director/ Rumors started circulating in Washington yesterday that president Obama may be on the verge of appointing a new chief privacy officer: Twitter’s legal director Nicole Wong. Wed, 08 May 2013 09:17:00 GMT http://www.infosecurity-magazine.com/view/32269/is-the-white-house-recruiting-twitters-legal-director/ http://www.infosecurity-magazine.com/view/32264/autoit-makes-malware-outrageously-easy/ AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is on the rise as a go-to development language for malware. Tue, 07 May 2013 19:22:00 GMT http://www.infosecurity-magazine.com/view/32264/autoit-makes-malware-outrageously-easy/ http://www.infosecurity-magazine.com/view/32263/dod-approves-android-blackberry-10-smartphones-for-use-by-soldiers/ US soldiers will soon be able to get their Android on…sort of. The US Department of Defense has approved the use of Samsung’s hardened, secure version of Android in smartphones used by the military, along with BlackBerry 10 devices. Tue, 07 May 2013 19:15:00 GMT http://www.infosecurity-magazine.com/view/32263/dod-approves-android-blackberry-10-smartphones-for-use-by-soldiers/ http://www.infosecurity-magazine.com/view/32250/researchers-hack-googles-australian-office-building/ “If Google can fall victim to an ICS attack, anyone can,” say researchers after taking over the building control system of Google’s Sydney, Australia offices. Tue, 07 May 2013 13:34:00 GMT http://www.infosecurity-magazine.com/view/32250/researchers-hack-googles-australian-office-building/ http://www.infosecurity-magazine.com/view/32248/mcafee-to-acquire-stonesoft/ McAfee, owned by Intel, announced yesterday that it intends to buy Finnish firewall and anti-evasion technique firm Stonesoft for a fee of approximately $389 million. Tue, 07 May 2013 12:30:00 GMT http://www.infosecurity-magazine.com/view/32248/mcafee-to-acquire-stonesoft/ http://www.infosecurity-magazine.com/view/32236/video-interview-symantec-crowns-winner-of-latest-cyber-readiness-challenge/ Eleanor Dallaway, editor of Infosecurity, interviews Sian John about the Symantec Cyber Readiness Challenge at Infosecurity Europe 2013. Tue, 07 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32236/video-interview-symantec-crowns-winner-of-latest-cyber-readiness-challenge/ http://www.infosecurity-magazine.com/view/32245/los-alamos-national-labs-has-been-operating-quantum-cryptography-for-more-than-2-years/ The irony for government is that while some agencies seek total communications surveillance, other agencies are seeking perfect communications security. TIA is an example of the former; Los Alamos’ quantum internet is an example of the latter. Tue, 07 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32245/los-alamos-national-labs-has-been-operating-quantum-cryptography-for-more-than-2-years/ http://www.infosecurity-magazine.com/view/32239/accused-of-stealing-millions-spyeye-developer-extradited-to-us/ The 24-year-old Algerian man allegedly responsible for stealing tens of millions of dollars with the SpyEye banking trojan has been extradited to the US, where he faces a 23-count indictment for conspiracy to commit wire and bank fraud, stemming from the hijacking of bank accounts at more than 200 financial institutions. Mon, 06 May 2013 20:42:00 GMT http://www.infosecurity-magazine.com/view/32239/accused-of-stealing-millions-spyeye-developer-extradited-to-us/ http://www.infosecurity-magazine.com/view/32238/internet-explorer-zeroday-blamed-for-department-of-labor-website-attack/ The watering hole campaign that targeted a US Department of Labor website was the result of a brand-new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347), and not a patched, known quantity as originally thought. Mon, 06 May 2013 20:34:00 GMT http://www.infosecurity-magazine.com/view/32238/internet-explorer-zeroday-blamed-for-department-of-labor-website-attack/ http://www.infosecurity-magazine.com/view/32237/new-online-backup-service-scans-for-malware-before-saving-files/ Consumers often look to protect their assets in the event of computer theft, loss or an “incident” that wipes out files and requires a complete restoration. Mon, 06 May 2013 19:59:00 GMT http://www.infosecurity-magazine.com/view/32237/new-online-backup-service-scans-for-malware-before-saving-files/ http://www.infosecurity-magazine.com/view/32233/latest-iphone-update-fails-to-fix-lockscreen-bypass-flaw/ Apple has shipped iOS 6.1.4, an update for the iPhone 5 that, contrary to expectation, does not fix the known lock-screen bypass vulnerability introduced to the platform with an OS update in March. Fri, 03 May 2013 19:28:00 GMT http://www.infosecurity-magazine.com/view/32233/latest-iphone-update-fails-to-fix-lockscreen-bypass-flaw/ http://www.infosecurity-magazine.com/view/32232/report-chinese-hackers-drained-secrets-from-top-us-military-and-spy-contractor/ Spies like us? Apparently so, as in, they’re just as vulnerable to Chinese hackers as anyone else. One of the top espionage and military contractors for the US, QinetiQ North America, has been successfully compromised and its information siphoned off, according to a Bloomberg report. Fri, 03 May 2013 18:41:00 GMT http://www.infosecurity-magazine.com/view/32232/report-chinese-hackers-drained-secrets-from-top-us-military-and-spy-contractor/ http://www.infosecurity-magazine.com/view/32231/trojans-cause-80-of-worldwide-malware-infections/ When it comes to malware, the spawning rate of new threats does not appear to be slowing down at all: In the first quarter of 2013 alone, more than six and a half million new malware samples were created, according to Panda Security’s latest malware report. Fri, 03 May 2013 18:33:00 GMT http://www.infosecurity-magazine.com/view/32231/trojans-cause-80-of-worldwide-malware-infections/ http://www.infosecurity-magazine.com/view/32227/hacker-tells-google-how-to-secure-glass/ Last week, saurik (legendary jailbreaker and founder of Cydia) announced that he had rooted Google’s Glass, leading to an instant and somewhat petulant response from some quarters of Google. Fri, 03 May 2013 15:32:00 GMT http://www.infosecurity-magazine.com/view/32227/hacker-tells-google-how-to-secure-glass/ http://www.infosecurity-magazine.com/view/32221/video-interview-amar-singh-ciso-news-international/ At last week’s Infosecurity Europe show in London, Drew Amorosi, deputy editor of Infosecurity magazine, sat down with Amar Singh, News International’s chief information security officer. Fri, 03 May 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32221/video-interview-amar-singh-ciso-news-international/ http://www.infosecurity-magazine.com/view/32223/us-national-inventory-of-dams-database-breached/ Claims that China is planning an attack on the US power grid through data stolen from a database of more than 8000 US dams may be a little premature. Fri, 03 May 2013 11:29:00 GMT http://www.infosecurity-magazine.com/view/32223/us-national-inventory-of-dams-database-breached/ http://www.infosecurity-magazine.com/view/32220/video-interview-reinventing-security-vulnerability-management/ Eleanor Dallaway, editor of Infosecurity, interviews Michelle Johnson Cobb of Skybox Security at last week’s Infosecurity Europe 2013 show in London. Fri, 03 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32220/video-interview-reinventing-security-vulnerability-management/ http://www.infosecurity-magazine.com/view/32222/58-information-security-incidents-attributed-to-insider-threat-/ The consumerization of computing has changed the IT landscape. Employees can and do now access corporate data from a multitude of devices in a multitude of locations. Where the ‘insider threat’ was once posed only by the occasional malcontent employee, it is now comes from every naive employee on the payroll. Fri, 03 May 2013 10:12:00 GMT http://www.infosecurity-magazine.com/view/32222/58-information-security-incidents-attributed-to-insider-threat-/ http://www.infosecurity-magazine.com/view/32217/in-the-wake-of-hacks-twitter-issues-security-advice-to-media/ Following several high-profile account hacks targeting media companies, Twitter has issued security advice for preventing hijacking. “We expect these attacks to continue,” the social media site warned. Thu, 02 May 2013 19:49:00 GMT http://www.infosecurity-magazine.com/view/32217/in-the-wake-of-hacks-twitter-issues-security-advice-to-media/ http://www.infosecurity-magazine.com/view/32216/nist-revises-security-guidelines-to-address-cloud-mobile-and-apts/ The US National Institute of Standards and Technology (NIST) has published the fourth revision of the government's foundational computer security guide, 'Security and Privacy Controls for Federal information Systems and Organizations', spurred on by the new normal of cloud, mobility and ever more sophisticated hackers. Thu, 02 May 2013 19:40:00 GMT http://www.infosecurity-magazine.com/view/32216/nist-revises-security-guidelines-to-address-cloud-mobile-and-apts/ http://www.infosecurity-magazine.com/view/32215/50-of-enterprises-will-mandate-byod-by-2017/ Mobility is a part of nearly everyone’s life, and using personal devices for work functionality is a rather inexorable phenomenon, according to research by analyst firm Gartner. But it appears that enterprise IT departments are finally embracing the reality of it, with 38% of companies expected to stop providing devices to workers by 2016, and half of them expected to mandate a bring your own device (BYOD) program by 2017. Security, in turn, is evolving as well. Thu, 02 May 2013 19:32:00 GMT http://www.infosecurity-magazine.com/view/32215/50-of-enterprises-will-mandate-byod-by-2017/ http://www.infosecurity-magazine.com/view/32219/video-interview-nac-byod-and-advanced-threat-protection/ Drew Amorosi, deputy editor of Infosecurity, interviews ForeScout’s Scott Gordon at last week’s Infosecurity Europe 2013 show in London. Thu, 02 May 2013 17:00:00 GMT http://www.infosecurity-magazine.com/view/32219/video-interview-nac-byod-and-advanced-threat-protection/ http://www.infosecurity-magazine.com/view/32212/adobe-adds-security-post-to-its-executive-management-team/ It’s an old face in a new place, as Adobe has promoted Brad Arkin to become the company’s first chief security officer. Thu, 02 May 2013 16:44:00 GMT http://www.infosecurity-magazine.com/view/32212/adobe-adds-security-post-to-its-executive-management-team/ http://www.infosecurity-magazine.com/view/32209/video-interview-infosecurity-europe-2013-hall-of-fame-inductees/ Eleanor Dallaway, editor of Infosecurity, interviews Mikko Hypponen and Shlomo Kramer at Infosecurity Europe 2013 in London, immediately following their inductions into the Hall of Fame. Thu, 02 May 2013 15:52:00 GMT http://www.infosecurity-magazine.com/view/32209/video-interview-infosecurity-europe-2013-hall-of-fame-inductees/ http://www.infosecurity-magazine.com/view/32201/new-report-demonstrates-that-compliance-can-harm-security/ The Website Security Statistics Report demonstrates that security requires accountability, that ‘best practices’ is a difficult concept, and that ‘what’s needed is more secure software, not more security software.’ Thu, 02 May 2013 12:55:00 GMT http://www.infosecurity-magazine.com/view/32201/new-report-demonstrates-that-compliance-can-harm-security/ http://www.infosecurity-magazine.com/view/32198/department-of-labor-website-delivered-malware-to-visitors/ Europeans – not so much Americans – will not miss the irony of a US Department of Labor website serving malware apparently aimed at its own labor force on May 1: International Worker’s Day. Thu, 02 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32198/department-of-labor-website-delivered-malware-to-visitors/ http://www.infosecurity-magazine.com/view/32190/video-interview-top-analysts-discuss-latest-security-threats/ Eleanor Dallaway, editor of Infosecurity, quizzes three of the information security industry's top European analysts on the current trends in the industry. Thu, 02 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32190/video-interview-top-analysts-discuss-latest-security-threats/ http://www.infosecurity-magazine.com/view/32192/eskills-research-demonstrates-need-for-entry-routes-into-cybersecurity-careers/ An information skills shortage in the UK is not disputed. Why that skills shortage exists and what can be done about it is the issue. Today a high-power (general) forum at The Spectator will seek answers, coinciding with a new (specialist) analysis published by Alderbridge and e-skills UK. Thu, 02 May 2013 09:39:00 GMT http://www.infosecurity-magazine.com/view/32192/eskills-research-demonstrates-need-for-entry-routes-into-cybersecurity-careers/ http://www.infosecurity-magazine.com/view/32189/feds-look-to-extend-wiretapping-mandate-to-online-services/ Even as online privacy continues to be in the spotlight, a government task force is reportedly prepping legislation that would enable law enforcement officials to intercept online communications in real-time, via companies like Facebook and Google, in what is basically an extension of the CALEA wiretapping act. Wed, 01 May 2013 19:45:00 GMT http://www.infosecurity-magazine.com/view/32189/feds-look-to-extend-wiretapping-mandate-to-online-services/ http://www.infosecurity-magazine.com/view/32188/phishing-attack-targets-apple-ids/ Apple IDs can be a plum target for a hacker: they are, of course, the keys to the Apple ecosystem and the iCloud digital locker. Trend Micro has found phishers recently concentrating their fire on stealing Apple IDs, and are tracking a spike in activity that translates into hundreds of live phishing sites. Wed, 01 May 2013 19:38:00 GMT http://www.infosecurity-magazine.com/view/32188/phishing-attack-targets-apple-ids/ http://www.infosecurity-magazine.com/view/32187/eff-online-data-protection-is-a-mixed-bag/ Consumers and businesses alike, often unwittingly, leave a wealth of information behind as they move through the digital world. Every internet search, every website visit, every social media update is essentially another piece of data that’s being entrusted to a service provider like Google, Facebook or AT&T. Wed, 01 May 2013 19:00:00 GMT http://www.infosecurity-magazine.com/view/32187/eff-online-data-protection-is-a-mixed-bag/ http://www.infosecurity-magazine.com/view/32186/video-interview-ian-mann-and-hacking-the-human/ Drew Amorosi, deputy editor of Infosecurity, interviews Ian Mann, author of “Hacking the Human II” at Infosecurity Europe 2013 in London. Wed, 01 May 2013 17:43:00 GMT http://www.infosecurity-magazine.com/view/32186/video-interview-ian-mann-and-hacking-the-human/ http://www.infosecurity-magazine.com/view/32182/data-sharing-by-eu-law-enforcement-beware-of-mission-creep/ Peter Hustinx, the European Data Protection Supervisor (EDPS) has delivered his official Opinion on the Commission's Communication to Parliament and the Council titled 'Strengthening law enforcement cooperation in the EU: the European Information Exchange Model (EIXM)'; and warns on the potential for mission creep. Wed, 01 May 2013 15:55:00 GMT http://www.infosecurity-magazine.com/view/32182/data-sharing-by-eu-law-enforcement-beware-of-mission-creep/ http://www.infosecurity-magazine.com/view/32151/cispa-coauthor-anonymous-threatened-us/ As it languishes in the US Senate, the Cyber Intelligence Sharing and Protection Act (CISPA) has spurred hacktivist group Anonymous to threaten Congressional supporters of the bill, claims co-author Rep. Dutch Ruppersberger (D-Md.). Wed, 01 May 2013 14:00:00 GMT http://www.infosecurity-magazine.com/view/32151/cispa-coauthor-anonymous-threatened-us/ http://www.infosecurity-magazine.com/view/32150/threefourths-of-organizations-lack-app-component-policy/ When it comes to developing applications, open-source component use continues to skyrocket. And like operating systems or databases, open-source components represent a rich attack vector for hackers to exploit given their commonality across organizations and applications. Wed, 01 May 2013 13:30:00 GMT http://www.infosecurity-magazine.com/view/32150/threefourths-of-organizations-lack-app-component-policy/ http://www.infosecurity-magazine.com/view/32149/russianukrainian-cybergang-steals-millions-to-launder-through-money-mules/ A Russian-Ukrainian cyber-gang going by the name Best Inc. has managed to steal more than $1 million from a public hospital in Washington State. It carried out the heist by recruiting nearly 100 unwitting accomplices in the US who were hired through work-at-home job scams. Wed, 01 May 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32149/russianukrainian-cybergang-steals-millions-to-launder-through-money-mules/ http://www.infosecurity-magazine.com/view/32171/firefox-sends-finfisher-authors-a-cease-and-desist-letter/ FinFisher is a commercial spyware product produced by the UK’s Gamma International. It is widely implicated in government surveillance of national dissidents in countries with poor human rights records. Wed, 01 May 2013 12:17:00 GMT http://www.infosecurity-magazine.com/view/32171/firefox-sends-finfisher-authors-a-cease-and-desist-letter/ http://www.infosecurity-magazine.com/view/32152/recycled-tablets-need-to-be-wiped/ According to IDC, worldwide sales of tablets will surpass those of desktop PCs by the end of 2013, and laptops by the end of 2014. This will likely result in a new second-owner tablet market – which means that security and privacy officers now need to factor in wiping old tablets just as thoroughly as old hard disks. Wed, 01 May 2013 08:40:00 GMT http://www.infosecurity-magazine.com/view/32152/recycled-tablets-need-to-be-wiped/ http://www.infosecurity-magazine.com/view/32122/kuluozloaded-spam-shines-in-april/ As April draws to a close, its predominant malware distribution trend lies in the proliferation of spam email purporting to link to an invoice, receipt, airline ticket or other confirmation document for a large purchase. The initial payload of this campaign has been a malware trojan called Kuluoz, which uses an icon that resembles a Microsoft Office application document. Tue, 30 Apr 2013 19:30:00 GMT http://www.infosecurity-magazine.com/view/32122/kuluozloaded-spam-shines-in-april/ http://www.infosecurity-magazine.com/view/32116/taiwan-chinese-cyberarmy-swells-to-100k-hits-taipei-hundreds-of-times-per-day/ Taiwan’s National Security Bureau (NSB) said that the Chinese government continues to target its assets, and has extended its cyber-army to more than 100,000 people, with a budget in excess of $2.71 million per year to carry out hacking activities. Tue, 30 Apr 2013 13:15:00 GMT http://www.infosecurity-magazine.com/view/32116/taiwan-chinese-cyberarmy-swells-to-100k-hits-taipei-hundreds-of-times-per-day/ http://www.infosecurity-magazine.com/view/32108/nasa-wraps-up-the-international-space-apps-challenge/ NASA has closed its second-annual International Space Apps Challenge, a hack-a-thon that took place on April 20–21, and is now sifting through the more than 770 submissions and assembling a panel of judges to determine five global winners, to be announced in May. Tue, 30 Apr 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32108/nasa-wraps-up-the-international-space-apps-challenge/