http://www.infosecurity-magazine.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Fri, 24 May 2013 21:33:38 GMT http://www.infosecurity-magazine.com/ http://www.infosecurity-magazine.com/_common/img/template/infosec-uk/site-logo.gif http://www.infosecurity-magazine.com/view/32610/new-android-trojan-can-thwart-twofactor-authentication/ Mobile malware is cresting as it never has in the past, with new bugs being developed at breakneck speed. One of these, a new version of the Pincer trojan for Android that can intercept inbound text messages and forward them on, can compromise two-factor authentication protections. Fri, 24 May 2013 20:35:00 GMT http://www.infosecurity-magazine.com/view/32610/new-android-trojan-can-thwart-twofactor-authentication/ http://www.infosecurity-magazine.com/view/32609/zeus-is-back-with-a-vengeance/ Zeus and its ZBOT brethren are coming back down off banking-Trojan Olympus to take another whack at the financial services game. The info-stealing malware is reemerging with a vengeance, with increased activity and a few upgrades to the previous versions. Fri, 24 May 2013 20:00:00 GMT http://www.infosecurity-magazine.com/view/32609/zeus-is-back-with-a-vengeance/ http://www.infosecurity-magazine.com/view/32608/dhs-finds-critical-vulnerability-in-software-used-for-background-checks/ The US Department of Homeland Security (DHS) is facing a possible data breach thanks to the software it has been relying on to help process background checks for potential employees. Fri, 24 May 2013 19:55:00 GMT http://www.infosecurity-magazine.com/view/32608/dhs-finds-critical-vulnerability-in-software-used-for-background-checks/ http://www.infosecurity-magazine.com/view/32600/the-hangover-continues-researchers-uncover-more-mac-malware-variants-/ In the wake of Operation Hangover, a large cyber-espionage campaign run from India, security researchers have identified yet more strains of the culprit, the Kumar in the Mac (KitM) spyware for Mac OS X. And these don’t appear to have a political motivation. Fri, 24 May 2013 16:00:00 GMT http://www.infosecurity-magazine.com/view/32600/the-hangover-continues-researchers-uncover-more-mac-malware-variants-/ http://www.infosecurity-magazine.com/view/32605/ftc-considering-a-new-antitrust-investigation-on-google/ While Google is still attempting to head off antitrust problems in Europe, there are new reports that the FTC in the US is now considering a new investigation into how Google handles its advertising sales. Fri, 24 May 2013 13:29:00 GMT http://www.infosecurity-magazine.com/view/32605/ftc-considering-a-new-antitrust-investigation-on-google/ http://www.infosecurity-magazine.com/view/32603/despite-high-profile-hacks-security-is-on-right-track-says-cybercrime-report-/ The latest quarterly report from PandaLabs concludes on a surprisingly optimistic note given the continuous revelations of high profile hacks and the evolution of nation-state cyber warfare this year. Fri, 24 May 2013 12:39:00 GMT http://www.infosecurity-magazine.com/view/32603/despite-high-profile-hacks-security-is-on-right-track-says-cybercrime-report-/ http://www.infosecurity-magazine.com/view/32602/computer-fraud-and-abuse-act-used-to-threaten-journalists/ Journalists who used Google Search to locate scores of unsecured social security numbers associated with the US Lifeline program have been threatened by lawyers under the Computer Fraud and Abuse Act. Fri, 24 May 2013 11:18:00 GMT http://www.infosecurity-magazine.com/view/32602/computer-fraud-and-abuse-act-used-to-threaten-journalists/ http://www.infosecurity-magazine.com/view/32599/mobile-malware-growth-hits-alltime-high/ Researchers continue to find that the pace of mobile malware development is accelerating. A total of 22,750 new modifications of malicious programs targeting mobile devices were detected this past quarter by Kaspersky Lab, which is more than half of the total number of modifications detected in all of 2012. A full 99.9% of them target the Android platform. Thu, 23 May 2013 19:59:00 GMT http://www.infosecurity-magazine.com/view/32599/mobile-malware-growth-hits-alltime-high/ http://www.infosecurity-magazine.com/view/32598/nypd-detective-hires-hacking-service-to-help-spy-on-fellow-officers/ The FBI has arrested a New York City police detective for stealing the login details of at least 30 people (including 21 NYPD employees, 19 of them officers), across 43 email accounts and one cell phone. He did it by hiring a contract hit man, of sorts. Thu, 23 May 2013 19:55:00 GMT http://www.infosecurity-magazine.com/view/32598/nypd-detective-hires-hacking-service-to-help-spy-on-fellow-officers/ http://www.infosecurity-magazine.com/view/32581/get-safe-online-issues-phone-advice-following-national-crime-survey/ The latest Crime Survey for England and Wales produced by the Office for National Statistics shows that theft of mobile devices is still rising: 2% of all phone owners have had a mobile phone stolen within the last twelve months. Thu, 23 May 2013 13:16:00 GMT http://www.infosecurity-magazine.com/view/32581/get-safe-online-issues-phone-advice-following-national-crime-survey/ http://www.infosecurity-magazine.com/view/32564/facing-growing-threats-cisos-need-tighter-boardlevel-talks/ As cyber-risks continue to evolve in sophistication and complexity, and as cyber-espionage becomes a more common reality, information risk has been making its way onto the boardroom agenda. According to the Information Security Forum (ISF), chief information security officers (CISOs) need to engage with their boards to ensure their organizations understand and manage information risk appropriately while delivering on their strategic objectives. Thu, 23 May 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32564/facing-growing-threats-cisos-need-tighter-boardlevel-talks/ http://www.infosecurity-magazine.com/view/32594/exploring-the-keys-to-apt-prevention-strategies/ With many organizations rushing to formulate their own advanced persistent threat (APT) prevention plans, recent data show that a lack of attention to systematically managing cryptographic keys and certificates is still leaving the attack door wide open. Thu, 23 May 2013 12:00:00 GMT http://www.infosecurity-magazine.com/view/32594/exploring-the-keys-to-apt-prevention-strategies/ http://www.infosecurity-magazine.com/view/32573/man-made-redundant-fined-for-stealing-sensitive-information-/ When he learned that he was being made redundant from his position as Community Health Promotions Manager at a council-run leisure center, he emailed sensitive medical information on 2471 people to himself to help establish his own new company. Thu, 23 May 2013 10:42:00 GMT http://www.infosecurity-magazine.com/view/32573/man-made-redundant-fined-for-stealing-sensitive-information-/ http://www.infosecurity-magazine.com/view/32572/twitter-launches-twofactor-authentication/ In a tweet yesterday and accompanying blog, Twitter announced that it has joined other large cloud companies in offering two-factor authentication. Thu, 23 May 2013 08:45:00 GMT http://www.infosecurity-magazine.com/view/32572/twitter-launches-twofactor-authentication/ http://www.infosecurity-magazine.com/view/32565/congressional-report-us-power-grid-under-continuous-cyberassault/ A Congressional survey of utility companies shows that the US electric grid is warding off “daily,” “constant” and “frequent” cyber-attacks, including one power company that reported it is the target of around 10,000 attempted attacks each month. Wed, 22 May 2013 20:00:00 GMT http://www.infosecurity-magazine.com/view/32565/congressional-report-us-power-grid-under-continuous-cyberassault/ http://www.infosecurity-magazine.com/view/32563/experian-tackles-social-media-risk/ Global financial information company and credit score keeper Experian has implemented new security controls to drive cyber-risk out of its social media activities, in an effort to safeguard consumer information. Wed, 22 May 2013 19:14:00 GMT http://www.infosecurity-magazine.com/view/32563/experian-tackles-social-media-risk/ http://www.infosecurity-magazine.com/view/32559/microsoft-stops-predicting-av-samples-to-focus-on-ecosystem-/ The Microsoft Malware Protection center is shifting its research focus away from predicting test samples and instead focussing on prevalence-weighted response and family research. Wed, 22 May 2013 15:49:00 GMT http://www.infosecurity-magazine.com/view/32559/microsoft-stops-predicting-av-samples-to-focus-on-ecosystem-/ http://www.infosecurity-magazine.com/view/32551/ddos-and-the-challenge-of-civil-disobedience-on-the-internet/ Starting with the Anonymous Operation Payback in 2010, in retaliation for what many consider the illegal financial blockade of WikiLeaks, DDoS as a weapon of dissent has increasingly become a part of life on the internet. Wed, 22 May 2013 13:53:00 GMT http://www.infosecurity-magazine.com/view/32551/ddos-and-the-challenge-of-civil-disobedience-on-the-internet/ http://www.infosecurity-magazine.com/view/32549/education-institutions-at-forefront-of-byod-/ BYOD as a security issue has largely focused on the business arena – the dangers inherent in allowing personal smartphones and tablets to connect to the corporate network. But mobile devices have been adopted as a way of life with youngsters, and in some ways education has led the BYOD phenomenon. Wed, 22 May 2013 12:33:00 GMT http://www.infosecurity-magazine.com/view/32549/education-institutions-at-forefront-of-byod-/ http://www.infosecurity-magazine.com/view/32543/blue-coat-systems-to-acquire-solera-networks/ Blue Coat operates largely outside of the perimeter; Solera Networks operates within the perimeter. Put the two together and you have the complete security solution – that is the the theory behind Blue Coat’s latest acquisition. Wed, 22 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32543/blue-coat-systems-to-acquire-solera-networks/ http://www.infosecurity-magazine.com/view/32540/wikileaks-prosecutor-agrees-to-lesser-charge-for-manning-on-one-of-22-counts/ Prosecutors have reduced the charges in the case against the Army GI who released more than 700,000 classified government documents to the WikiLeaks site. Tue, 21 May 2013 20:34:00 GMT http://www.infosecurity-magazine.com/view/32540/wikileaks-prosecutor-agrees-to-lesser-charge-for-manning-on-one-of-22-counts/ http://www.infosecurity-magazine.com/view/32538/most-small-businesses-dont-understand-mobile-security-threats/ New research into eight critical security threats on mobile devices found the majority of small to medium enterprises (SMEs) are either unaware of or defenseless against the threats posed to their networks by mobile devices and BYOD. Tue, 21 May 2013 20:14:00 GMT http://www.infosecurity-magazine.com/view/32538/most-small-businesses-dont-understand-mobile-security-threats/ http://www.infosecurity-magazine.com/view/32537/citadel-malware-targeting-payza-platform-for-emerging-markets/ A variant of the formidable banking trojan Citadel has been targeting Payza – a payment platform popular in developing countries that have limited access to online financial services. Tue, 21 May 2013 19:15:00 GMT http://www.infosecurity-magazine.com/view/32537/citadel-malware-targeting-payza-platform-for-emerging-markets/ http://www.infosecurity-magazine.com/view/32533/four-arrested-anons-hijacked-anonymous-franchise/ Last week the Italian postal police arrested four 'members' of the Anonymous movement in an operation dubbed 'Tango Down'. On Monday Anonymous responded with its own tango down on the official Court of Rome website. Tue, 21 May 2013 14:22:00 GMT http://www.infosecurity-magazine.com/view/32533/four-arrested-anons-hijacked-anonymous-franchise/ http://www.infosecurity-magazine.com/view/32528/the-hangover-campaign-more-on-indian-hackers-targeting-pakistan/ A few days ago details of a long-standing and wide-ranging attack primarily against Pakistan and apparently emanating from India were released. Now it appears it was just the tip of an iceberg. Tue, 21 May 2013 13:13:00 GMT http://www.infosecurity-magazine.com/view/32528/the-hangover-campaign-more-on-indian-hackers-targeting-pakistan/ http://www.infosecurity-magazine.com/view/32516/queens-speech-and-user-identification-through-ip-addresses/ The reason for Her Majesty's government to bring forward proposals viz-a-viz "the problem of matching Internet Protocol addresses" (Queen's Speech 2013) may have as much to do with BT's current plans as with the stalled Communications Data Bill. Tue, 21 May 2013 11:18:00 GMT http://www.infosecurity-magazine.com/view/32516/queens-speech-and-user-identification-through-ip-addresses/ http://www.infosecurity-magazine.com/view/32515/mandiant-chinese-espionage-hackers-are-back/ The group of Chinese cyber-espionage hackers reportedly operating as an arm of the People’s Liberation Army is allegedly back at it, attacking a range of US enterprise and government targets to steal everything from technology blueprints to business plans to manufacturing information. Mon, 20 May 2013 20:16:00 GMT http://www.infosecurity-magazine.com/view/32515/mandiant-chinese-espionage-hackers-are-back/ http://www.infosecurity-magazine.com/view/32514/us-government-seeks-input-on-cybersecurity-in-wake-of-obamas-executive-order/ In a move to comply with President Obama’s Executive Order on cybersecurity, the US General Services Administration (GSA) is issuing a request for information (RFI) calling for input on ways to make the federal government's cybersecurity more resilient. Mon, 20 May 2013 20:00:00 GMT http://www.infosecurity-magazine.com/view/32514/us-government-seeks-input-on-cybersecurity-in-wake-of-obamas-executive-order/ http://www.infosecurity-magazine.com/view/32513/companies-slow-in-reacting-to-breach-notifications/ Most corporate security incidents are uncovered by a third party, like a security firm, that picks up on evidence of nefarious activity being carried out by infected machines. However, many of the victim organizations don’t have processes in place to react quickly when they’re notified of an incident. And some are simply not discharging their corporate duty, argues one security firm. Mon, 20 May 2013 19:47:00 GMT http://www.infosecurity-magazine.com/view/32513/companies-slow-in-reacting-to-breach-notifications/ http://www.infosecurity-magazine.com/view/32496/password-strength-meters-inspire-better-choices-but-only-for-sensitive-accounts/ Password strength meters that offer web surfers a visual gauge of how weak or strong a chosen lock may be are increasingly present on websites – but how effective are they at getting folks to choose stronger options? When it comes to locking down sensitive data, meters had an impact, suggesting that they act as important reminders for users about what’s at stake. Mon, 20 May 2013 13:00:00 GMT http://www.infosecurity-magazine.com/view/32496/password-strength-meters-inspire-better-choices-but-only-for-sensitive-accounts/ http://www.infosecurity-magazine.com/view/32502/snapchats-woes-escalate-with-complaint-to-ftc/ First it was shown that Snapchat photos and videos on Android are not deleted, merely hidden; then a YouTube video shows how to locate Snapchat videos on iOS; and now a complaint alleging deceptive business practices has been filed with the FTC. Mon, 20 May 2013 12:37:00 GMT http://www.infosecurity-magazine.com/view/32502/snapchats-woes-escalate-with-complaint-to-ftc/ http://www.infosecurity-magazine.com/view/32499/uk-customers-charged-twice-with-contactless-payment-cards/ Marks and Spencer, Pret a Manger and Transport for London customers have all reported automatic payment deductions from contactless payment cards while they were making payment by other means, renewing long-standing concerns over the security of contactless payment cards. Mon, 20 May 2013 10:46:00 GMT http://www.infosecurity-magazine.com/view/32499/uk-customers-charged-twice-with-contactless-payment-cards/ http://www.infosecurity-magazine.com/view/32498/22-million-user-ids-may-have-been-stolen-from-yahoo-japan/ Yahoo Japan, 35.5% owned by Japan’s mobile phone operator SoftBank and 34.7% owned by Yahoo Inc, announced Friday that it may have lost 22 million user IDs from its total of around 200 million. Mon, 20 May 2013 10:28:00 GMT http://www.infosecurity-magazine.com/view/32498/22-million-user-ids-may-have-been-stolen-from-yahoo-japan/ http://www.infosecurity-magazine.com/view/32495/apple-fixes-41-flaws-in-itunes/ Apple has patched 41 vulnerabilities in iTunes with version 11.0.3 of the digital store for OS X and Windows, including the one that Pinkie Pie rode to a $60,000 prize in the Google Pwnium 2 hackathon. Fri, 17 May 2013 19:53:00 GMT http://www.infosecurity-magazine.com/view/32495/apple-fixes-41-flaws-in-itunes/ http://www.infosecurity-magazine.com/view/32494/syrian-activists-hack-financial-times-twitter-feed-time-for-new-password-approaches/ The Syrian Electronic Army is continuing its campaign to highjack the Twitter accounts of high-profile media outlets, with the Financial Times becoming its latest victim. Fri, 17 May 2013 19:46:00 GMT http://www.infosecurity-magazine.com/view/32494/syrian-activists-hack-financial-times-twitter-feed-time-for-new-password-approaches/ http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/ Rep. Hank Johnson, D-Ga, has introduced the bipartisan Application Privacy, Protection and Security (APPS) Act of 2013 (H.R. 1913). Its purpose is to require app developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect. Fri, 17 May 2013 12:52:00 GMT http://www.infosecurity-magazine.com/view/32482/the-apps-act-a-proposal-to-protect-users-mobile-privacy/ http://www.infosecurity-magazine.com/view/32478/indian-malware-campaign-targeting-pakistan-uncovered/ A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India and seems primarily to target Pakistan with data-stealing malware. Fri, 17 May 2013 11:35:00 GMT http://www.infosecurity-magazine.com/view/32478/indian-malware-campaign-targeting-pakistan-uncovered/ http://www.infosecurity-magazine.com/view/32473/new-mac-malware-discovered-live-on-stage/ Proving that not all demonstrations are staged, a previously unknown Mac backdoor was discovered during a live presentation at the Oslo Freedom Forum earlier this week. Fri, 17 May 2013 10:22:00 GMT http://www.infosecurity-magazine.com/view/32473/new-mac-malware-discovered-live-on-stage/ http://www.infosecurity-magazine.com/view/32469/dhs-critical-infrastructure-threats-up-68-in-2012/ Critical infrastructure threats are up significantly according to US officials – a worrying state of affairs that spans a wide range of threat vectors and potential participants. Thu, 16 May 2013 22:00:00 GMT http://www.infosecurity-magazine.com/view/32469/dhs-critical-infrastructure-threats-up-68-in-2012/ http://www.infosecurity-magazine.com/view/32470/cloud-security-readiness-tool-results-show-overwhelming-lack-of-maturity-/ Since its launch in October 2012, 5,700 people have used the Microsoft Cloud Security Readiness Tool (CSRT). The tool asks 27 questions regarding the current state of an organisation’s security posture and cloud readiness. The results have been anonymised and analysed, and the overarching conclusion is that most organisations are relatively immature across almost all control areas represented by the CSRT. Thu, 16 May 2013 21:37:00 GMT http://www.infosecurity-magazine.com/view/32470/cloud-security-readiness-tool-results-show-overwhelming-lack-of-maturity-/ http://www.infosecurity-magazine.com/view/32468/barracuda-ups-secure-storage-capacity-to-15gb/ Barracuda Networks, eyeing Google’s move to unify storage across its products, has increased the amount of free cloud storage for its own Copy online file syncing users, from 5GB to 15GB. Thu, 16 May 2013 19:00:00 GMT http://www.infosecurity-magazine.com/view/32468/barracuda-ups-secure-storage-capacity-to-15gb/ http://www.infosecurity-magazine.com/view/32467/eu-may-consider-hackback-legislation/ The European Union could soon consider a proposal that would give law enforcement the ability to engage in “offensive hacking,” i.e., compromise private infrastructure and systems to gather information via spyware, delete data or even take servers offline completely when there is probable cause to suspect cybercriminal activity. Thu, 16 May 2013 18:46:00 GMT http://www.infosecurity-magazine.com/view/32467/eu-may-consider-hackback-legislation/ http://www.infosecurity-magazine.com/view/32455/did-stuxnet-help-rather-than-hinder-irans-nuclear-program/ Stuxnet is often cited as history’s first true cyber weapon. By common consensus it was developed and used by the US and Israel to successfully disrupt Iran’s nuclear program – but a new report questions its success. Thu, 16 May 2013 13:26:00 GMT http://www.infosecurity-magazine.com/view/32455/did-stuxnet-help-rather-than-hinder-irans-nuclear-program/ http://www.infosecurity-magazine.com/view/32453/ciso-chief-infosec-scapegoat-officer/ CISOs are often the first victim following a major security breach. Given the prevalence of such breaches, the average tenure of a CISO is now just 18 months; and this is likely to worsen if corporate security doesn’t improve. Thu, 16 May 2013 11:51:00 GMT http://www.infosecurity-magazine.com/view/32453/ciso-chief-infosec-scapegoat-officer/ http://www.infosecurity-magazine.com/view/32447/enhanced-and-advanced-pushdo-botnet-is-back/ Pushdo, one of the more enduring and resilient botnets, has already survived four takedowns in five years. Now a new variant with new evasion techniques has been detected. Thu, 16 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32447/enhanced-and-advanced-pushdo-botnet-is-back/ http://www.infosecurity-magazine.com/view/32445/twitter-uses-automation-to-improve-security-/ The Twitter product security team are improving the security of their code by adopting more security automation. Thu, 16 May 2013 07:00:00 GMT http://www.infosecurity-magazine.com/view/32445/twitter-uses-automation-to-improve-security-/ http://www.infosecurity-magazine.com/view/32444/lulzsec-pirates-plead-guilty-to-hacking-/ Four LulzSec members who claim to be "latter-day pirates" have plead guilty to hacking charges and compromising millions of people's information. Wed, 15 May 2013 20:27:00 GMT http://www.infosecurity-magazine.com/view/32444/lulzsec-pirates-plead-guilty-to-hacking-/ http://www.infosecurity-magazine.com/view/32443/gamechanger-android-malware-moves-beyond-apps/ Android malware authors have officially turned the complexity corner, according to an analysis of mobile malware for the first quarter of 2013. The size and scope of the Android threatscape is evolving, adding new tactics and advanced approaches that extend beyond malicious applications. Wed, 15 May 2013 19:56:00 GMT http://www.infosecurity-magazine.com/view/32443/gamechanger-android-malware-moves-beyond-apps/ http://www.infosecurity-magazine.com/view/32442/industry-groups-join-forces-on-smart-fare-security-for-public-transportation/ Smart ticketing and electronic fare sales for public transportion may not seem an obvious target for a cyber-crook at first glance, but when you consider all the credit card transactions and contactless payments flying around, e-security emerges as a big concern, particularly when it comes to the cards themselves. Wed, 15 May 2013 19:43:00 GMT http://www.infosecurity-magazine.com/view/32442/industry-groups-join-forces-on-smart-fare-security-for-public-transportation/ http://www.infosecurity-magazine.com/view/32434/why-is-microsoft-reading-users-skype-messages/ Heise Security published a suggestion that Microsoft is reading users’ Skype messages, but Microsoft maintains automated scanning is used to identify suspected spam and phishing links. Wed, 15 May 2013 15:44:00 GMT http://www.infosecurity-magazine.com/view/32434/why-is-microsoft-reading-users-skype-messages/ http://www.infosecurity-magazine.com/view/32419/more-than-13000-visitors-attended-infosecurity-europe-2013/ Infosecurity Europe has released basic figures on last month’s eighteenth annual exhibition and conference: pre-ABC audit figures show a 6% increase in visitors over 2012 to 13,200, with more than 70 new exhibitors. Wed, 15 May 2013 12:15:00 GMT http://www.infosecurity-magazine.com/view/32419/more-than-13000-visitors-attended-infosecurity-europe-2013/ http://www.infosecurity-magazine.com/view/32417/browsers-ability-to-block-malware-downloads-analyzed-and-compared/ The five leading browsers – Chrome, Firefox, Internet Explorer, Safari and Opera – were tested against 754 samples of real-world malicious software. The results show a marked difference in the browsers’ ability to act as a first line of defense against malware. Wed, 15 May 2013 11:32:00 GMT http://www.infosecurity-magazine.com/view/32417/browsers-ability-to-block-malware-downloads-analyzed-and-compared/ http://www.infosecurity-magazine.com/view/32409/application-vulnerabilities-remain-securitys-biggest-concern/ The latest Global Information Security Workforce Study (GISWS) shows that application vulnerabilities continue to be the biggest concern for security professionals, with 69% of participants indicating it is the number one security threat. Wed, 15 May 2013 09:13:00 GMT http://www.infosecurity-magazine.com/view/32409/application-vulnerabilities-remain-securitys-biggest-concern/ http://www.infosecurity-magazine.com/view/32406/microsofts-lipner-declares-cost-and-lack-of-management-approval-secure-development-roadblocks-/ Cost and lack of support, training, and management approval are the roadblocks standing in the way of secure development, said Steve Lipner, partner director of programme management in Trustworthy Computing Security at Microsoft, in a press conference at Security Development Conference in San Francisco, May 14 2013. Wed, 15 May 2013 02:00:00 GMT http://www.infosecurity-magazine.com/view/32406/microsofts-lipner-declares-cost-and-lack-of-management-approval-secure-development-roadblocks-/ http://www.infosecurity-magazine.com/view/32403/ddosforhire-sevices-turn-to-mainstream-advertising/ DDoS services for hire – so-called “booters” that can be hired to knock, or boot, a website offline – are making their way out of the dark shadow-world of hacker message boards and forums, instead taking payments via PayPal and advertising in mainstream venues like YouTube with handy videos featuring hired actors. Tue, 14 May 2013 20:45:00 GMT http://www.infosecurity-magazine.com/view/32403/ddosforhire-sevices-turn-to-mainstream-advertising/ http://www.infosecurity-magazine.com/view/32405/microsoft-declares-conformity-to-iso-270341-and-scott-charney-calls-for-industry-to-follow-/ Opening the Security Development Conference in San Francisco, May 14 2013, Microsoft’s corporate vice president of Trustworthy Computing, Scott Charney, called for vendors and governments to follow Microsoft’s lead in conforming to the ISO 27034-1 standard. Tue, 14 May 2013 20:39:00 GMT http://www.infosecurity-magazine.com/view/32405/microsoft-declares-conformity-to-iso-270341-and-scott-charney-calls-for-industry-to-follow-/ http://www.infosecurity-magazine.com/view/32404/howard-schmidt-announces-safecode-secure-software-development-training/ At the Security Development Conference in San Francisco, Howard Schmidt, executive director, SAFECode, announced that the non-for-profit organization is tackling software development and engineering security with a set of free online training courses, available via on-demand webcasts and covering a range of issues, from preventing SQL injection to avoiding cross-site request forgery. Tue, 14 May 2013 20:13:00 GMT http://www.infosecurity-magazine.com/view/32404/howard-schmidt-announces-safecode-secure-software-development-training/ http://www.infosecurity-magazine.com/view/32402/morrocan-ghosts-web-hosting-hack-opens-up-dozens-of-israeli-targets/ A full 52 Israeli websites were hit this week by a group calling themselves the Moroccan Ghosts. The hacktivists defaced Israeli sites by replacing the homepages with political propaganda pages and played Moroccan music over the images. Tue, 14 May 2013 19:33:00 GMT http://www.infosecurity-magazine.com/view/32402/morrocan-ghosts-web-hosting-hack-opens-up-dozens-of-israeli-targets/ http://www.infosecurity-magazine.com/view/32401/video-interview-off-the-shelf-cyber-threats-increasingly-complicate-the-security-landscape/ IBM's Tom Turner talks to Drew Amorosi, deputy editor of Infosecurity magazine, at the recent Infosecurity Europe conference in London. Tue, 14 May 2013 18:48:00 GMT http://www.infosecurity-magazine.com/view/32401/video-interview-off-the-shelf-cyber-threats-increasingly-complicate-the-security-landscape/ http://www.infosecurity-magazine.com/view/32383/ico-publishes-confused-and-confusing-report-on-gdpr/ The EC has proposed a standardized General Data Protection Regulation (GDPR) across Europe, claiming it will save business £billions. The UK says it will cost business £millions. The ICO commissioned London Economics to find out who is right. Tue, 14 May 2013 13:54:00 GMT http://www.infosecurity-magazine.com/view/32383/ico-publishes-confused-and-confusing-report-on-gdpr/ http://www.infosecurity-magazine.com/view/32374/judge-allows-redacted-disclosure-of-reddit-cofounders-documents/ The US government and MIT/JSTOR had agreed that documents concerning the prosecution of Aaron Swartz could, in part, be made public. The Swartz estate asked for the documents in full. The court has denied the estate and allowed the government and MIT/JSTOR to redact certain information. Tue, 14 May 2013 11:54:00 GMT http://www.infosecurity-magazine.com/view/32374/judge-allows-redacted-disclosure-of-reddit-cofounders-documents/ http://www.infosecurity-magazine.com/view/32369/mideast-sabotage-threats-target-us-energy-sector/ A new crop of Mideast-originated cyberattacks are targeting the American energy sector, with the intent of sabotage, not just espionage. Mon, 13 May 2013 19:57:00 GMT http://www.infosecurity-magazine.com/view/32369/mideast-sabotage-threats-target-us-energy-sector/ http://www.infosecurity-magazine.com/view/32368/consumers-still-ignoring-malware-protection-/ As many as 58.2 million American adults had at least one malware infection that affected their home PCs’ features or performance in the past year – a fact that collectively cost nearly $4 billion for repairs. Mon, 13 May 2013 19:28:00 GMT http://www.infosecurity-magazine.com/view/32368/consumers-still-ignoring-malware-protection-/ http://www.infosecurity-magazine.com/view/32367/carwrapper-scam-claiming-more-victims-via-email/ A long-running spam campaign offering money in return for consumers helping to advertise an array of products with “car wrappers” is gathering steam of late, thanks to its plausible premise. Mon, 13 May 2013 19:24:00 GMT http://www.infosecurity-magazine.com/view/32367/carwrapper-scam-claiming-more-victims-via-email/ http://www.infosecurity-magazine.com/view/32364/surveillance-software-targeted-britishbahraini-citizen/ A witness statement filed in the high court London claims that Gamma International’s FinFisher (FinSpy) covert surveillance software targeted the computer of a leading Bahraini activist who holds dual British and Bahraini citizenship. Mon, 13 May 2013 16:16:00 GMT http://www.infosecurity-magazine.com/view/32364/surveillance-software-targeted-britishbahraini-citizen/ http://www.infosecurity-magazine.com/view/32365/video-interview-isc-broadens-certification-offerings-to-forensics-and-cloud-security/ Deputy editor of Infosecurity magazine, Drew Amorosi, talks to (ISC)²'s new chief operating officer at Infosecurity Europe 2013. Mon, 13 May 2013 16:00:00 GMT http://www.infosecurity-magazine.com/view/32365/video-interview-isc-broadens-certification-offerings-to-forensics-and-cloud-security/ http://www.infosecurity-magazine.com/view/32358/telecom-fraud-a-chinese-variant-on-the-police-trojan-explained/ Fraud is big business in China. Last year there were more than 170,000 cases causing losses of more than $12.5 billion. New evidence suggests this might be getting worse with increasingly sophisticated cyber fraud. Mon, 13 May 2013 12:46:00 GMT http://www.infosecurity-magazine.com/view/32358/telecom-fraud-a-chinese-variant-on-the-police-trojan-explained/ http://www.infosecurity-magazine.com/view/32353/chrome-and-firefox-extension-hijacks-facebook-accounts/ First discovered in April this year, Trojan:JS/Febipos.A is a malicious browser extension specifically targeting Chrome and Mozilla Firefox and designed to hijack the victim’s Facebook account. Mon, 13 May 2013 10:12:00 GMT http://www.infosecurity-magazine.com/view/32353/chrome-and-firefox-extension-hijacks-facebook-accounts/ http://www.infosecurity-magazine.com/view/32350/snapchats-expired-snaps-are-not-deleted-just-hidden/ Snapchat doesn’t delete expired photos on Android phones – it merely tells the operating system to ignore them. That means they are still available for retrieval with the right forensic software. Mon, 13 May 2013 08:52:00 GMT http://www.infosecurity-magazine.com/view/32350/snapchats-expired-snaps-are-not-deleted-just-hidden/ http://www.infosecurity-magazine.com/view/32348/hackers-looted-45-million-in-global-atm-heist/ A global gang of hackers managed to siphon off $45 million from ATMs thanks to outdated US credit card technology. Fri, 10 May 2013 20:14:00 GMT http://www.infosecurity-magazine.com/view/32348/hackers-looted-45-million-in-global-atm-heist/ http://www.infosecurity-magazine.com/view/32346/almost-half-of-employees-admit-to-bypassing-security-controls/ Security shouldn’t get in the way of doing business and closing sales, but many organizations are wrestling with data protection strategies that block employees' ability to get the information they need to do their jobs. Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. That's breeding apathy, too: 40% admitted that if they were breached no one would notice. Fri, 10 May 2013 19:52:00 GMT http://www.infosecurity-magazine.com/view/32346/almost-half-of-employees-admit-to-bypassing-security-controls/ http://www.infosecurity-magazine.com/view/32345/data-breach-at-washington-state-courts-exposes-info-on-1-million-people/ Attackers exploiting Adobe’s ColdFusion app server made off with 160,000 Social Security numbers, and gained access to the driver’s license numbers and names of up to 1 million people logged in the Washington State court system in a data breach that was recorded over February and March. Fri, 10 May 2013 19:34:00 GMT http://www.infosecurity-magazine.com/view/32345/data-breach-at-washington-state-courts-exposes-info-on-1-million-people/ http://www.infosecurity-magazine.com/view/32339/video-interview-unpatched-vulnerabilities-remain-a-primary-security-challenge/ Eleanor Dallaway, editor of Infosecurity magazine, interviews Mark Raeburn of Context Information Security at Infosecurity Europe 2013 in London. Fri, 10 May 2013 15:29:00 GMT http://www.infosecurity-magazine.com/view/32339/video-interview-unpatched-vulnerabilities-remain-a-primary-security-challenge/ http://www.infosecurity-magazine.com/view/32336/chrome-extension-briefly-allows-drmfree-downloads-from-spotify-encryption-may-not-be-the-answer-/ A Chrome extension called Downloadify allowed DRM-free downloads from Spotify’s library of 20 million songs before remedial action by Spotify and withdrawal from the Chrome store by Google. Fri, 10 May 2013 13:43:00 GMT http://www.infosecurity-magazine.com/view/32336/chrome-extension-briefly-allows-drmfree-downloads-from-spotify-encryption-may-not-be-the-answer-/ http://www.infosecurity-magazine.com/view/32331/may-2013-patch-tuesday-preview/ Next week’s Microsoft patch releases will comprise 10 bulletins: 2 critical and 8 important. The two critical updates involve Internet Explorer and are thought to fix the vulnerabilities used in the recent Labor Department water-hole attack, and the successful attack employed at Pwn2Own earlier this year. Fri, 10 May 2013 11:18:00 GMT http://www.infosecurity-magazine.com/view/32331/may-2013-patch-tuesday-preview/ http://www.infosecurity-magazine.com/view/32326/video-interview-cyber-battles-more-important-than-cyber-war/ Drew Amorosi, deputy editor of Infosecurity magazine, interviews Canon Europe's director of information security at Infosecurity Europe 2013. Fri, 10 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32326/video-interview-cyber-battles-more-important-than-cyber-war/ http://www.infosecurity-magazine.com/view/32325/privileged-account-insecurity-opens-door-wide-to-apts/ Despite high-profile warnings by security researchers, a majority of organizations are failing to enact recommended best practice security policies around one of the primary targets of advanced attacks – privileged accounts. Thu, 09 May 2013 19:40:00 GMT http://www.infosecurity-magazine.com/view/32325/privileged-account-insecurity-opens-door-wide-to-apts/ http://www.infosecurity-magazine.com/view/32324/despite-widespread-adoption-companies-fail-to-implement-byod-policy/ As the influx of personal mobile devices into the workplace continues apace, a new survey shows that security is both the top concern and top measure for success for enterprises implementing bring-your-own-device (BYOD) programs. Thu, 09 May 2013 19:21:00 GMT http://www.infosecurity-magazine.com/view/32324/despite-widespread-adoption-companies-fail-to-implement-byod-policy/ http://www.infosecurity-magazine.com/view/32323/iso-approves-ediscovery-standards-development/ The International Organisation for Standardisation has given its final approval for the development of an international standard for the discovery of electronically stored information (ESI), aimed at giving greater credibility to digital evidence in legal matters and forensics through the implementation of a secure framework and guidelines for the process. Thu, 09 May 2013 19:16:00 GMT http://www.infosecurity-magazine.com/view/32323/iso-approves-ediscovery-standards-development/ http://www.infosecurity-magazine.com/view/32319/sms-phishing-leads-to-an-advance-fee-spam-scam-across-europe/ A web text phishing scam is spreading across Europe, with users being tricked into allowing thousands of spam text messages to be sent from their accounts – and sometimes resulting in huge phone bills. Thu, 09 May 2013 13:31:00 GMT http://www.infosecurity-magazine.com/view/32319/sms-phishing-leads-to-an-advance-fee-spam-scam-across-europe/ http://www.infosecurity-magazine.com/view/32312/video-interview-web-browsers-responsible-for-majority-of-malware-infections/ Eleanor Dallaway, editor of Infosecurity magazine, sits down with Qualys’ Wolfgang Kandek at the recent Infosecurity Europe conference in London to discuss the information security threat landscape. Thu, 09 May 2013 13:30:00 GMT http://www.infosecurity-magazine.com/view/32312/video-interview-web-browsers-responsible-for-majority-of-malware-infections/ http://www.infosecurity-magazine.com/view/32311/video-interview-experts-discuss-statesponsored-cyber-attacks/ At Infosecurity Europe 2013, Drew Amorosi – deputy editor of Infosecurity – assembled a panel of industry experts to discuss state-sponsored cyber attacks, and the legal frameworks that govern them. Thu, 09 May 2013 12:00:00 GMT http://www.infosecurity-magazine.com/view/32311/video-interview-experts-discuss-statesponsored-cyber-attacks/ http://www.infosecurity-magazine.com/view/32318/75m-university-fund-to-train-cybersecurity-experts-/ Royal Holloway (University of London) and Oxford University have each received funding of almost £4 million to provide new centers for doctoral training (CDT) to address the UK’s national need for cyber security expertise. Thu, 09 May 2013 11:44:00 GMT http://www.infosecurity-magazine.com/view/32318/75m-university-fund-to-train-cybersecurity-experts-/ http://www.infosecurity-magazine.com/view/32314/queens-speech-keeps-the-communications-data-bill-alive/ “In relation to the problem of matching internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace”, says the Queen’s Speech, May 2013. Thu, 09 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32314/queens-speech-keeps-the-communications-data-bill-alive/ http://www.infosecurity-magazine.com/view/32310/data-breaches-loom-in-the-face-of-business-transformation/ The move to cloud applications, ever-present mobility, Big Data and an escalating set of complex cyber-attack vectors and malware are all conspiring to overwhelm security professionals, leaving the door for many businesses wide open to data breaches. Wed, 08 May 2013 20:11:00 GMT http://www.infosecurity-magazine.com/view/32310/data-breaches-loom-in-the-face-of-business-transformation/ http://www.infosecurity-magazine.com/view/32308/senate-introduces-cyberespionage-bill/ As CISPA languishes in the US Senate, likely never to see the light of day in that chamber, a bipartisan group of lawmakers have introduced a different cybersecurity bill aimed at thwarting corporate espionage. Wed, 08 May 2013 19:44:00 GMT http://www.infosecurity-magazine.com/view/32308/senate-introduces-cyberespionage-bill/ http://www.infosecurity-magazine.com/view/32302/fake-av-attack-on-dcarea-media-shows-rise-of-mass-compromises/ Two local Washington DC media outlets – WTOP and sister station Federal News Radio, and the Dvorak Uncensored pundit blog – all became the victims of bad actors looking to make a buck with scareware earlier this week. The stunt is indicative of a rising tide of mass compromises, researchers said. Wed, 08 May 2013 19:22:00 GMT http://www.infosecurity-magazine.com/view/32302/fake-av-attack-on-dcarea-media-shows-rise-of-mass-compromises/ http://www.infosecurity-magazine.com/view/32284/is-it-time-to-dump-antivirus/ If Saturday was Star Wars day (May the Fourth be with you), yesterday was the day the Empire strikes back: Long live endpoint protection! says Trend Micros’s chief technology officer. Wed, 08 May 2013 12:33:00 GMT http://www.infosecurity-magazine.com/view/32284/is-it-time-to-dump-antivirus/ http://www.infosecurity-magazine.com/view/32268/video-interview-challenges-facing-information-security-professionals/ Infosecurity magazine’s Eleanor Dallaway sits down with representatives of ISACA, (ISC)², and the ISSA at the recent Infosecurity Europe conference in London. Wed, 08 May 2013 12:15:00 GMT http://www.infosecurity-magazine.com/view/32268/video-interview-challenges-facing-information-security-professionals/ http://www.infosecurity-magazine.com/view/32265/all-kidding-aside-the-syrian-electronic-army-hacks-the-onion/ The Syrian Electronic Army apparently has a humorous side. Hackers supporting the regime of Syrian president Bashar al-Assad hijacked the Twitter account of The Onion, the well-known parody news website, issuing joke-tastic tweets of their own before The Onion itself struck back, with a series of tweets revolving around impending executions. Wed, 08 May 2013 12:00:00 GMT http://www.infosecurity-magazine.com/view/32265/all-kidding-aside-the-syrian-electronic-army-hacks-the-onion/ http://www.infosecurity-magazine.com/view/32274/syrias-internet-connection-is-turned-offagain/ Syria’s connection to the internet was turned off at 18:48 UTC yesterday. This was done by withdrawing the BGP (Border Gateway Protocol) routes from the country's border routers, making the country’s two TLD servers (ns1.tld.sy and ns2.tld.sy) inaccessible. Mobile connections also seem to be cut. Wed, 08 May 2013 10:45:00 GMT http://www.infosecurity-magazine.com/view/32274/syrias-internet-connection-is-turned-offagain/ http://www.infosecurity-magazine.com/view/32267/video-interview-educating-information-security-professionals/ Infosecurity magazine's Drew Amorosi interviews Kevin Jones of City University London at the recent Infosecurity Europe conference. Wed, 08 May 2013 10:00:00 GMT http://www.infosecurity-magazine.com/view/32267/video-interview-educating-information-security-professionals/ http://www.infosecurity-magazine.com/view/32269/is-the-white-house-recruiting-twitters-legal-director/ Rumors started circulating in Washington yesterday that president Obama may be on the verge of appointing a new chief privacy officer: Twitter’s legal director Nicole Wong. Wed, 08 May 2013 09:17:00 GMT http://www.infosecurity-magazine.com/view/32269/is-the-white-house-recruiting-twitters-legal-director/ http://www.infosecurity-magazine.com/view/32264/autoit-makes-malware-outrageously-easy/ AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is on the rise as a go-to development language for malware. Tue, 07 May 2013 19:22:00 GMT http://www.infosecurity-magazine.com/view/32264/autoit-makes-malware-outrageously-easy/ http://www.infosecurity-magazine.com/view/32263/dod-approves-android-blackberry-10-smartphones-for-use-by-soldiers/ US soldiers will soon be able to get their Android on…sort of. The US Department of Defense has approved the use of Samsung’s hardened, secure version of Android in smartphones used by the military, along with BlackBerry 10 devices. Tue, 07 May 2013 19:15:00 GMT http://www.infosecurity-magazine.com/view/32263/dod-approves-android-blackberry-10-smartphones-for-use-by-soldiers/ http://www.infosecurity-magazine.com/view/32250/researchers-hack-googles-australian-office-building/ “If Google can fall victim to an ICS attack, anyone can,” say researchers after taking over the building control system of Google’s Sydney, Australia offices. Tue, 07 May 2013 13:34:00 GMT http://www.infosecurity-magazine.com/view/32250/researchers-hack-googles-australian-office-building/ http://www.infosecurity-magazine.com/view/32248/mcafee-to-acquire-stonesoft/ McAfee, owned by Intel, announced yesterday that it intends to buy Finnish firewall and anti-evasion technique firm Stonesoft for a fee of approximately $389 million. Tue, 07 May 2013 12:30:00 GMT http://www.infosecurity-magazine.com/view/32248/mcafee-to-acquire-stonesoft/ http://www.infosecurity-magazine.com/view/32236/video-interview-symantec-crowns-winner-of-latest-cyber-readiness-challenge/ Eleanor Dallaway, editor of Infosecurity, interviews Sian John about the Symantec Cyber Readiness Challenge at Infosecurity Europe 2013. Tue, 07 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32236/video-interview-symantec-crowns-winner-of-latest-cyber-readiness-challenge/ http://www.infosecurity-magazine.com/view/32245/los-alamos-national-labs-has-been-operating-quantum-cryptography-for-more-than-2-years/ The irony for government is that while some agencies seek total communications surveillance, other agencies are seeking perfect communications security. TIA is an example of the former; Los Alamos’ quantum internet is an example of the latter. Tue, 07 May 2013 11:00:00 GMT http://www.infosecurity-magazine.com/view/32245/los-alamos-national-labs-has-been-operating-quantum-cryptography-for-more-than-2-years/ http://www.infosecurity-magazine.com/view/32239/accused-of-stealing-millions-spyeye-developer-extradited-to-us/ The 24-year-old Algerian man allegedly responsible for stealing tens of millions of dollars with the SpyEye banking trojan has been extradited to the US, where he faces a 23-count indictment for conspiracy to commit wire and bank fraud, stemming from the hijacking of bank accounts at more than 200 financial institutions. Mon, 06 May 2013 20:42:00 GMT http://www.infosecurity-magazine.com/view/32239/accused-of-stealing-millions-spyeye-developer-extradited-to-us/