Infosecurity News

  1. Howard Schmidt Announces SAFECode secure software development training

    At the Security Development Conference in San Francisco, Howard Schmidt, executive director, SAFECode, announced that the not-for-profit organization is tackling software development and engineering security with a set of free online training courses, available via on-demand webcasts and covering a range of issues, from preventing SQL injection to avoiding cross-site request forgery.

  2. Judge allows redacted disclosure of Reddit co-founder's documents

    The US government and MIT/JSTOR had agreed that documents concerning the prosecution of Aaron Swartz could, in part, be made public. The Swartz estate asked for the documents in full. The court has denied the estate and allowed the government and MIT/JSTOR to redact certain information.

  3. Mideast sabotage threats target US energy sector

    A new crop of Mideast-originated cyberattacks is targeting the American energy sector, with the intent of sabotage, not just espionage.

  4. Surveillance software targeted British/Bahraini citizen

    A witness statement filed in the High Court in London claims that Gamma International’s FinFisher (FinSpy) covert surveillance software targeted the computer of a leading Bahraini activist who holds dual British and Bahraini citizenship.

  5. Telecom fraud: a Chinese variant on the Police Trojan explained

    Fraud is big business in China. Last year there were more than 170,000 cases causing losses of more than $12.5 billion. New evidence suggests this might be getting worse with increasingly sophisticated cyber fraud.

  6. Snapchat’s expired snaps are not deleted, just hidden

    Snapchat doesn’t delete expired photos on Android phones – it merely tells the operating system to ignore them. That means they are still available for retrieval with the right forensic software.

  7. Hackers looted $45 million in global ATM heist

    A global gang of hackers managed to siphon off $45 million from ATMs thanks to outdated US credit card technology.

  8. Almost half of employees admit to bypassing security controls

    Security shouldn’t get in the way of doing business and closing sales, but many organizations are wrestling with data protection strategies that block employees' ability to get the information they need to do their jobs. Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. That's breeding apathy, too: 40% admitted that if they were breached no one would notice.

  9. Chrome extension briefly allows DRM-free downloads from Spotify: Encryption may not be the answer

    A Chrome extension called Downloadify allowed DRM-free downloads from Spotify’s library of 20 million songs before remedial action by Spotify and withdrawal from the Chrome store by Google.

  10. Despite widespread adoption, companies fail to implement BYOD policy

    As the influx of personal mobile devices into the workplace continues apace, a new survey shows that security is both the top concern and top measure for success for enterprises implementing bring-your-own-device (BYOD) programs.

  11. ISO approves eDiscovery standards development

    The International Organisation for Standardisation has given its final approval for the development of an international standard for the discovery of electronically stored information (ESI), aimed at giving greater credibility to digital evidence in legal matters and forensics through the implementation of a secure framework and guidelines for the process.

  12. SMS phishing leads to an advance fee spam scam across Europe

    A web text phishing scam is spreading across Europe, with users being tricked into allowing thousands of spam text messages to be sent from their accounts – and sometimes resulting in huge phone bills.

  13. Fake AV attack on DC-area media shows rise of mass compromises

    Two local Washington DC media outlets, WTOP and sister station Federal News Radio, along with the Dvorak Uncensored pundit blog, all became the victims of bad actors looking to make a buck with scareware earlier this week. The stunt is indicative of a rising tide of mass compromises, researchers said.

  14. AutoIT makes malware "outrageously easy"

    AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is on the rise as a go-to development language for malware.

  15. DoD approves Android, BlackBerry 10 smartphones for use by soldiers

    US soldiers will soon be able to get their Android on…sort of. The US Department of Defense has approved the use of Samsung’s hardened, secure version of Android in smartphones used by the military, along with BlackBerry 10 devices.

  16. Researchers hack Google’s Australian office building

    “If Google can fall victim to an ICS attack, anyone can,” say researchers after taking over the building control system of Google’s Sydney, Australia offices.

  17. Internet Explorer zero-day blamed for Department of Labor website attack

    The watering hole campaign that targeted a US Department of Labor website was the result of a brand-new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347), and not a patched, known quantity as originally thought.

  18. New online backup service scans for malware before saving files

    Consumers often look to protect their assets in the event of computer theft, loss or an “incident” that wipes out files and requires a complete restoration.

  19. Report: Chinese hackers drained secrets from top US military and spy contractor

    Spies like us? Apparently so, as in, they’re just as vulnerable to Chinese hackers as anyone else. One of the top espionage and military contractors for the US, QinetiQ North America, has been successfully compromised and its information siphoned off, according to a Bloomberg report.

  20. Trojans cause 80% of worldwide malware infections

    When it comes to malware, the spawning rate of new threats does not appear to be slowing down at all: In the first quarter of 2013 alone, more than six and a half million new malware samples were created, according to Panda Security’s latest malware report.
