Infosecurity News

  1. Merkel and Hollande Propose a European Internet

    News outlets, such as the BBC, are reporting that Germany's Chancellor Angela Merkel "is proposing building up a European communications network to help improve data protection" and prevent European emails and other data passing through the United States where it can be, and has been, harvested by the NSA.

  2. The Syrian Electronic Army Hacked Forbes and Dumped 1 Million Credentials

    In a brief statement, Forbes said it had been compromised; that email addresses had been exposed (so beware of phishing attempts); and that passwords had been stolen ('encrypted', but change them anyway); and that law enforcement had been informed. It doesn't name the attackers, but there is more to this news.

  3. New IE 0-Day Used in Watering Hole Attack

    A new Internet Explorer 0-day exploit, apparently used by an old hacking group, was found to have been served by the compromised Veterans of Foreign Wars website. Similarities in the attack suggest the same group as that involved in operations DeputyDog and Ephemeral Hydra were behind the attack. That group is thought to emanate from China.

  4. Happy Valentine's Day: Scam Artists Turn to Online Dating

    Scam artists have for centuries preyed upon the tender affections of the lovelorn, stripping assets and leaving broken hearts in their wake. From the 18th Century classic "Les Liaisons Dangereuses" to the modern-day film "An Education" and Kanye’s “Gold Digger” anthem, popular culture has always shown us that the path to scam success often lies in matters of the heart.

  5. Trojanized Flappy Bird Wings Its Way to Android

    Flappy Bird may have had its wings clipped, but something else has risen, phoenix-like, in its place: a fake, weaponized version of the addictive iPhone and Android game.

  6. Investigation into the Tesco 'Hack'

    More than 2000 Tesco user credentials complete with the monetary value of earned vouchers were anonymously posted on Pastebin on Wednesday (still there at the time of writing this). The question is, how were they acquired: from reused passwords obtained from other breaches; or directly from Tesco?

  7. Anti-theft Software Could Be Attackers' Conduit to Millions of PCs

    A useful cyber-defensive utility can be turned into a powerful tool for cyber-attackers in the form of full access to millions of users' computers, according to research from Kaspersky Lab regarding an element of Absolute Software’s anti-theft software

  8. UK lags behind US in Security Preparedness and Attitudes

    Just 17 per cent of UK business leaders see cyber security as a major priority, compared to 41 per cent in the US, according to new research from BT. This comes from a survey of 500 IT decision makers in medium to large organizations across seven countries undertaken by Vanson Bourne for BT in October 2013.

  9. Dropbox Transparency Report Includes Secret FISA Court Requests

    Online file-sharing service Dropbox, like other cloud-based tech providers, has been allowed to disclose national security requests for user information for the first time. In its latest transparency report, it said that it fielded 249 or fewer national security requests from the US government in 2013. These include National Security Letters and orders issued under the Foreign Intelligence Surveillance Act (FISA orders).

  10. Sophos Acquires Cyberoam to Boost Layered Defense Portfolio

    Anti-virus company Sophos has announced that it has acquired Cyberoam, a fellow player in the network security market that specializes in unified threat management (UTM) and security information and event management (SIEM).

  11. PCI DSS Compliance is Improving, But Not Yet Good Enough

    Verizon has published its third report into the state of PCI DSS conformance drawn from an analysis of compliance assessments for more than 500 companies around the world. The result shows that compliance is improving, but that the majority of companies that accept payment cards still fail to maintain PCI security standards.

  12. Hacking a Car with a $20 Gadget

    Much has been made of the connected car phenomenon, as more and more vehicles are now coming equipped with connections to cloud services for entertainment and monitoring via 4G or satellite connectivity. While this opens up a new cyber-front for hackers, it turns out that old-fashioned closed-system vehicles are hackable too.

  13. Whistleblower Blows Whistle on Barclays Bank

    A Snowden-style finance whistleblower, who seems to have grown a conscience, has blown the whistle on Barclays bank for the loss and subsequent mis-use of 27,000 files of detailed personal data on customers and potential customers. Those files reached the hands of rogue traders known as 'spank shops.'

  14. Imperva Buys Skyfence and Incapsula to Improve its Cloud Security Offering

    While launching a new cloud strategy, Imperva has simultaneously announced the acquisition of Skyfence (a cloud security start-up) and Tomium (a mainframe monitoring firm); and has agreed to buy the remaining shares in its majority owned subsidiary, Incapsula.

  15. Target Hackers May Have Gotten In Through the Air Conditioner

    More details of the Target breach continue to be revealed, with the latest intel pointing to the air conditioning guys being used as an entry point by the hackers. The hackers came in through the vents, so to speak.

  16. Bredo Botnet: Is it Coming Back?

    Earlier in the week, many consumers experienced a big spike in email spam volume – messages targeting containing financial malware that's familiar from the not-too-distant past.

  17. US and Belarus Take Home Top Honors in Spam Rankings

    The US is once again the world’s spammiest nation, topping the 2013 “Spampionship” league table published by Sophos.

  18. Barclays Leads in Web Security among UK Banks

    When it comes to banks, Barclay’s arguably has one of the highest profiles in the world, thanks to its sponsorship of the English Premier League. But it should be known for something else as well: it came in first in security functionality in Forrester Research’s review of the eight top UK bank and building society sites.

  19. GCHQ Used DDoS Attack on Anonymous' Communications

    A top secret presentation by GCHQ at a 2012 NSA conference called SIGDEV shows that the hitherto unknown GCHQ Joint Threat Research Intelligence Group launched a DDoS attack (called Rolling Thunder) on the IRC communications channels used by Anonymous and LulzSec.

  20. PoS Breaches Spread with Thousands Affected at Marriott and Holiday Inn Locations

    Target. Neiman Marcus. Michaels. The retail sector continues to crop up with point-of-sale (PoS)-led data breaches. But a new security breach affecting 14 Marriott, Holiday Inn, Westin, Renaissance and Radisson properties demonstrates that hospitality franchises are being targeted as well.

Why Not Watch?

  1. Audit & Compliance in the Era of AI and Emerging Technology

  2. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  3. Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

  4. How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

What’s Hot on Infosecurity Magazine?