Infosecurity News

  1. RSA Conference 2014: Celebrating Milestones, (ISC)² also Revamps its CISSP Exam

    As (ISC)² celebrates its 25th anniversary, the global non-profit is well on its way to conducting the most extensive overhaul of the CISSP certification exam in its history. Infosecurity catches up with its executive director at the RSA Conference in San Francisco for a retrospective, and what to expect from the new certification exam.

  2. 2014 US Cyber Challenge Kicks Off in April

    The Council on Cybersecurity (CCS) has launched the 2014 US Cyber Challenge, calling on the industry and government to “get serious” about the workforce problem. The initiative aims to find 10,000 bright students and turn them into cybersecurity professionals.

  3. Lloyd's of London Declines Infosec Cover For Energy Companies

    The BBC reported yesterday that energy companies "are being refused insurance cover for cyber-attacks because their defenses are perceived as weak." Before cover is offered, applicants must undergo a security audit by the insurance companies, but "the majority of applicants were turned away because their cyber-defenses were lacking."

  4. Lauri Love Accused of Hacking the Federal Reserve

    In October 2013 the UK's National Crime Agency announced that a 28-year-old Briton, simultaneously identified by the FBI as "Lauri Love, 28, of Stradishall, England," was arrested on suspicion of hacking into US Army, US military and US government computers. Yesterday the FBI further charged him with hacking the Federal Reserve.

  5. BitCrypt Ransomware Easily Broken

    A new variant of ransomware dubbed BitCrypt has been smashed open by a pair of French researchers.

  6. RSA Conference 2014: Intelligence Heavyweights Engage in Friendly Europe Bashing

    The US is not unique among nations when it comes to its intelligence gathering abilities. “We are just better” at it than most countries, according to Richard Clarke, the former presidential counter-terrorism adviser.

  7. RSA Conference 2014: Microsoft Does Not Put Backdoors in its Products says Charney

    In his keynote at the RSA Conference in San Francisco, February 25, 2014, Scott Charney, VP of Microsoft’s Trustworthy Computing Group, insisted that Microsoft has not compromised its principles in order to work with the NSA.

  8. RSA 2014: Art Coviello Addresses RSA/NSA Controversy in Keynote

    In the opening keynote at the RSA Conference 2014 in San Francisco, Art Coviello, Executive Chairman of RSA, gave his first public comments about RSA’s relationship with the NSA.

  9. Criminals Can Keylog an iPhone to Steal Passwords

    Last month, Trustwave's Neal Hindocha wondered whether cybercriminals could adapt to changes in user habits. In the PC world, a major tool for cyberthieves is the keylogger, used to capture passwords as they are entered at the keyboard. But users are switching to phones and tablets that have no keyboards. How, he wondered, would a keylogger work on a device with no keyboard?

  10. 80% of SOHO Routers Contain Vulnerabilities

    It has become increasingly obvious in recent months that routers are being targeted by attackers – even the NSA uses this attack vector as part of its Quantum Injection program. Now a new survey suggests that as much as 80% of the best-selling SOHO routers include vulnerabilities.

  11. ISACA Issues First COBIT 5 Audit Programs

    Global IT association ISACA has issued the first of more than 30 audit programs that will align with the COBIT 5 business framework, which helps enterprises govern and manage their information and technology.

  12. Tinder App Allowed Users to Precisely Locate Others

    Tinder is a very popular mobile dating app. It is designed to allow people to 'meet' virtually before deciding whether they would like to meet for real. Unfortunately, Tinder has a history of allowing one user to physically locate another, even if the approach has been rejected.

  13. 96% of Applications Have an Average of 14 Vulnerabilities

    The latest Cenzic report on application vulnerability trends shows that things aren't getting any better. All software has bugs, and almost all of them have bugs that are security vulnerabilities. In fact, on average, they have 14 separate vulnerabilities – a quarter of which are cross-site scripting flaws.

  14. Microsoft Pays Another $100K Bug Bounty

    Microsoft has paid out its second $100,000 bug bounty since launching its reward program in mid-2013. The award brings total payouts for the program to $253,000 in under a year.

  15. Zeus Trojan Now Hiding in Plain Sight – Using Pictures

    A new variant of the notorious Zeus banking trojan is making the rounds, with a new approach that uses steganography, a technique that allows it to disguise data inside of an existing file without damaging it.

  16. Scariest Search Engine on the Internet Just Got Scarier

    CNN Money described Shodan as "The scariest search engine on the Internet." Forbes called it a "terrifying search engine." Unlike Google, Shodan searches for internet-connected devices (which could have known vulnerabilities) rather than information. For those who believe this is scary, it just got scarier with the launch of Shodan Maps.

  17. 70% of Android Devices Vulnerable to a Remote Exploit

    Rapid7's Metasploit researchers have developed a new exploit for an old vulnerability that remains pervasive in the Android ecosystem some 9 months after it was patched by Google. With this new code, 70% of all Android users are vulnerable to a little social engineering and a remote takeover.

  18. Hundreds of Millions of Passwords are Compromised Yearly

    An analysis of compromised credentials posted to Pastebin suggests that hundreds of millions of passwords are being compromised by cybercriminals every year.

  19. Researcher Develops New Geographical Passwords

    Passwords do not keep our personal data safe. That much is empirically clear – the sheer volume of passwords that are stolen and the ease with which they are cracked demonstrates this on a weekly basis. But it is not the theory of passwords that fails, it is the human inability to use them wisely that is the weakness.

  20. Australia Offered Economic Espionage Results to the NSA

    Details from a newly disclosed document from the cache of Edward Snowden leaks demonstrate that the Australian spy agency (one of the Five Eyes) was monitoring a US law firm advising the Indonesian government on a trade dispute with the US in 2013, in a clear breach of attorney/client confidentiality, and offered that information to the NSA.
