Infosecurity News

  1. Target May Have Ignored Pre-breach Intrusion Warning

    The largest retail breach in history happened at Target stores all over the country during the busy 2013 holiday shopping season, sparking 90+ lawsuits, a Congressional hearing, corporate restructuring and plummeting sales figures for the big-box retailer. But according to a report, it all could have been prevented – had the retail giant simply listened to its own internal early warning systems.

  2. ICS Flaws Discovered that Could Affect Thousands of Plant-monitoring Systems

    Industrial control systems (ICS) are a notorious weak link when it comes to securing mission-critical infrastructure, but progress in overhauling cyber-practices for this legacy software seems to be moving along at a snail’s pace. Case in point: yet another system, deployed in thousands of locations globally and often exposed to the internet, has been found to be eminently vulnerable.

  3. Government ID Theft Ringleader Gets 12 Years in Prison

    The leader of an identity theft ring that stole more than 600 identities from US government employees and others has been sentenced to serve 12 years in prison, followed by three years of supervised release.

  4. The NSA's Botnet of Botnets: an Active SIGINT System

    The latest revelations from the Snowden files, published by Glenn Greenwald's new venture The Intercept, show that NSA thinking has followed the same arguments developed by cybercriminals: if you wish to control a large number of subjects (infected computers) you need to automate the process with a command and control server. This is a botnet.

  5. Warning: DDoS Attack Volume Balloons 807.48% in Fresh Spike

    While network time protocol (NTP) amplification attacks have been a threat for many years, a new DDoS surge is ringing alarm bells: in just one month, February 2014, the number of NTP amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%.

  6. Worm that Wreaked Havoc for US Military Likely a Progenitor of Red October

    More than a year ago, Kaspersky Labs analyzed dozens of modules used by Red October, an extremely sophisticated cyber-espionage operation that has been at work in dozens of high-profile targets. New analysis shows that one of its genetic progenitors is likely Agent.btz, a long-running, data-collecting worm believed to have been developed by Russian special services.

  7. secunet Previews New SINA Workstation and Tablet PC

    Essen, Germany-based secunet Security Networks, which specializes in protecting classified/sensitive information, gives a sneak peak at soon-to-be-available updates to the firm’s product line

  8. False Passports on Flight MH370 Highlights Failure to Use Interpol's Resources

    The tragic and mysterious loss of Malaysia Airlines Flight MH370 has spawned numerous dark theories, most centered around the discovery that two passengers were using stolen passports.

  9. Online Pentesting Goes Into Open Beta

    Penetration testing is a valuable part of any security audit. It applies a hacker mindframe to finding the vulnerabilities that hackers seek to exploit before they get to exploit them. But it suffers from two weaknesses: cost and timeframe. A third-party pentest can be expensive, and only audits security at the time of the test – new software tomorrow could introduce new vulnerabilities.

  10. LockLizard Develops Zero Footprint Solution for PDF Security

    LockLizard, a leading provider of document digital rights management (DRM) systems, will be addressing the holy grail of document security with the launch of a new web-based DRM solution for viewing protected PDF files

  11. City of London Plans Police Access to 1300 ANPR Cameras

    London operates a congestion charge to reduce traffic in central London. The congestion charge is enforced by 1300 automatic number plate recognition (ANPR) cameras operated by Traffic for London. Now the City of London is considering making feeds from these cameras available to the Metropolitan Police.

  12. UK Ministry of Justice Warning on Parking Fine Scam

    There is a current scam campaign in the UK claiming that people are overdue in payment of a parking charge. An email apparently from the Ministry of Justice claims that photographic evidence of the offense is enclosed in an attachment. This, says the police ActionFraud website, "is likely to contain a virus."

  13. Snake Cyber-espionage Campaign Targetting Ukraine is Linked to Russia

    BAE Systems has released a major analysis of a long-standing cyber espionage campaign that has all the hallmarks of state-sponsored malware. The malware is sophisticated, covert and persistent, and seems to have been in operation since at least 2005. There has been a major uptick of detections during the Ukrainian crisis.

  14. Naked Videos of Facebook Friends Turn Out to Be Trojans

    If Facebook promised you naked videos of your friends, would you click? As much as you may be tempted to find out why your former 8th-grade computer lab partner is sending you a racy video selfie, beware: it is, of course, a scam.

  15. Microsoft's Response Rate to Law Enforcement Requests Stays Steady

    Microsoft once again gave up only a small percentage of content data to law enforcement agencies that asked for it in the last six months of 2013. Only 2.32% of requests from police and other organizations globally resulted in disclosure of data regarding specific activities or messaging content, it said.

  16. So Where Are Mt Gox's Stolen Bitcoin Millions?

    The question repeatedly asked by the bitcoin community since Mt Gox announced that all of its bitcoins had been stolen by hackers, is where have they gone? While bitcoins do not reveal their owners, their use can be tracked via blockchains – and there has been no sign of their use.

  17. Is Getty's Image Embedding Tool a Trojan Horse?

    Getty Images has a reputation for being a copyright maximalist. It has sued breaches of copyright, and lobbied Congress for stricter copyright legislation. So when the world's largest collection of photos – in excess of 80 million still images – declared that many of those images would be available free of charge for non-commercial use, it came as a bit of a surprise: but was widely welcomed.

  18. Europol Urges Caution with Public Wi-Fi

    Criminal theft of private data from public Wi-Fi hotspots is not new, but is increasing. The two most prevalent methods are traffic sniffing and man-in-the-middle attacks using a rogue, criminal-controlled hotspot. Talking to the BBC, Europol has warned the public to be ever-vigilant in public places.

  19. Dendroid RAT: the Next Stage of Android Malware Evolution

    Close on the heels of the discovery of an Android remote administration tool (RAT) known as AndroRAT – believed to be the first ever malware APK binder – comes a new variant of the idea, dubbed Dendroid.

  20. Stuck in a Jam: Smucker's Suffers Data Breach

    For the JM Smucker jam and jelly company, life isn’t so sweet at the moment: attackers have managed to get into the company’s online ordering system, lifting personal information on customers. In the aftermath, the company has shuttered its online store.

Why Not Watch?

  1. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  2. Audit & Compliance in the Era of AI and Emerging Technology

  3. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

  4. Mastering AI Security With ISACA’s New AAISM Certification

What’s Hot on Infosecurity Magazine?