Infosecurity News

  1. Syrian Electronic Army Hacks Microsoft, and the Country Disappears from the Web

    Syrian politics are having big ramifications on the web this week. First up, the Syrian Electronic Army has released what it alleges are hacked invoices from Microsoft that document months of transactions between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU) regarding requests for Microsoft user information.

  2. One of the Web's Top Porn Outlets Serves Up Malware

    The Google blacklist and malware warnings are handy and give an air of authority – but sometimes the algorithm gets it wrong. Researchers have discovered that one of the web's top porn providers, beeg.com, which has an Alexa ranking of 332, is currently spreading malware. Although Google had originally blacklisted the site shortly after initial detection, the blacklist warning has since been removed.

  3. Retail Tracking and Privacy Crypto Cracked in Minutes, for Less than a Dollar

    Retail analytics have been around for a dog’s age, allowing stores – whether virtual or real – to track customer behavior and offer up related offerings accordingly. It’s a central part of the up-sell and cross-sell process that keeps the sector humming along with repeat business.

  4. Old Vulnerability at the Heart of Escalating PHP Botnet Attacks

    Back in October 2013, a public exploit for the PHP server-side framework was disclosed, using a command injection vulnerability found in May 2012 and categorized as CVE-2012-1823. Now, it appears that cybercriminals are still using it, despite the vulnerability being somewhat dated, because a major part of the install base of PHP does not get updated on a regular basis. It’s an easily solvable security hole that’s led to increasing levels of botnet attacks on big swaths of the public internet.

  5. IBM Combats $3.5 Trillion in Fraud Losses with Broad-ranging Initiative

    Digital channels such as mobile devices, social networks and cloud platforms offer the perfect connected footprint for bad actors probing for weaknesses and vulnerabilities to carry out everything from tax evasion, money laundering and cyber-attacks to threats from inside the organization. So, looking to take on the scammers and the grifters, IBM has announced a new initiative to use Big Data and analytics to address the $3.5 trillion lost each year to fraud and financial crimes.

  6. EA Games Targeted by Phishers Looking for Apple IDs

    EA Games, maker of popular gaming series including Sims, Plants vs. Zombies, Star Wars Battlefront and others, has been attacked by hackers bent on compromising more than a virtual rebel base. A server for its website has come under fire and is now hosting a phishing site that targets Apple ID account holders.

  7. Full Disclosure Mailing List Shuts Down

    John Cartwright, the operator of Full Disclosure, announced yesterday that he has shut down the mailing list. His own post, 'Administrivia: The End', is the final entry. It was always a controversial service, frequently publishing vulnerability details before vendors had patches available, but the manner of its passing has surprised many.

  8. Sally Beauty Supply Endures the Latest Retail Data Breach

    Security isn’t a cosmetic concern, as we’re seeing from the latest retail data breach report. Following the disclosure of an unauthorized attempted intrusion into its network on March 5, Sally Beauty Supply has reported that it has indeed suffered a data breach as well.

  9. NSA Collects the Whole Voice Conversation of an Entire Nation

    It could, in fact, be at least five nations, with a sixth scheduled for inclusion soon. These revelations were published yesterday in a report based on Snowden leaks just after Edward Snowden himself warned the TED2014 Conference audience in Vancouver that there are more – and worse – revelations to come.

  10. 19-Year Old Saves City of London From Certain Cyber Disaster – Takes Home Masterclass Title

    Once again, the UK's most promising amateur cyber defenders competed to defend the City of London from a simulated cyber-attack, as part of the Cyber Security Challenge Masterclass. A 19-year-old student was crowned the UK Cyber Security Champion after beating all comers over the course of a year-long competition that tested computer defense skills.

  11. Edward Snowden: The Internet Is Not Our Enemy, and Encryption Can Protect It

    Edward Snowden was a surprise speaker at TED2014 in Vancouver. Beamed in via a telepresence robot from his exile in Russia, he spoke to TED presenter Chris Anderson, and was joined by 'father of the web' Sir Tim Berners-Lee. Snowden said there is more to come, and that encryption remains the internet's best defense.

  12. Undetected for Years, Operation Windigo Affects Millions of Servers

    A vast spam and malware campaign has been uncovered that has seized control of more than 25,000 UNIX servers worldwide, daily affecting half a million computers. The backdoor trojan is responsible for sending more than 35 million spam emails every day.

  13. Trustwave Acquires Cenzic to Add Dynamic Testing

    Trustwave announced Tuesday that it has acquired Cenzic for an undisclosed sum, thus combining Trustwave's static application security testing capabilities and Cenzic's dynamic application security testing into a single platform.

  14. Commercial RAT Used by Malicious Hackers

    Win-Spy is a commercial off-the-shelf (COTS) stealth monitoring tool. "Start Spying on any PC or Phone within the Next 5 minutes," says its website. With such products generally available, why should hackers go to the trouble of developing their own RATs? Indeed, according to a FireEye analysis following an attempted intrusion on a US financial institution, they don't.

  15. Join the Grand Theft Auto 5 PC Beta Program Scam

    Everybody likes to be first. Publications like to be the first to publish news, politicians like to be the first with good news, and gamers like to be the first to experience a new game. That's what makes gamers such obvious targets for scams, spam and phishing campaigns based on new versions of popular games.

  16. Hollywood Likely to be Targeted by Chinese Hackers

    Hollywood appears to be emerging as a prime target not just for video pirates, but for Chinese hackers. This is the conclusion of security researchers who have examined the probable attitude of China toward the cultural impact of Hollywood.

  17. Security in Apple's iOS 7 Weaker, Not Stronger, than iOS 6

    Aware of weaknesses in the early_random() pseudo random number generator used in iOS 6, Apple switched to an entirely new generator in iOS 7. In doing so, however, it weakened rather than strengthened the random number generation that lies at the heart of many of the attack mitigations that supposedly make iOS a secure operating system.

  18. LightOut is Latest Cyber Threat to Target Energy Sector

    What happens when the energy grid goes down? Well the lights, of course, go out. A fresh advanced persistent threat (APT) targeting the energy sector is thus aptly named LightsOut, and like previous attacks, it used a watering hole method to start its system compromise.

  19. Backdoor Found in Samsung Galaxy

    A developer working on Replicant, an open-source free mobile operating system designed to replace all proprietary Android components with open-source alternatives, has discovered a backdoor in Samsung Galaxy that provides almost full access to user files, camera, microphone and location.

  20. Nokia Tackles Carrier Roles in Mobile Security with Berlin-based Cybersecurity Center

    With the infiltration of handheld devices into virtually every aspect of our consumer and enterprise lives, mobile networks should be considered critical infrastructure with high impact on public welfare and safety; and cyber-security should be addressed accordingly. That’s the premise behind Nokia Solutions and Networks’ plans to establish a Mobile Broadband Security Center in Berlin.

Why Not Watch?

  1. Mastering AI Security With ISACA’s New AAISM Certification

  2. Modernizing GRC: From Checkbox to Strategic Advantage

  3. Audit & Compliance in the Era of AI and Emerging Technology

  4. OT Security Ecosystem for Targeted Risk Reduction and Reporting

What’s Hot on Infosecurity Magazine?