Infosecurity News

  1. Chewbacca Turns Up as Part of 11-Country Malware Campaign Against Retailers

    The Chewbacca keylogging malware has been spotted in the wild, and we don’t meet on Yavin 4 or Endor: it’s been uncovered as part of a global point-of-sale (PoS) malware campaign right here on Planet Earth.

  2. Personal Details of 800,000 Orange Users Stolen

    But not their passwords. Last Friday a French publication provided details on the data stolen from French mobile operator, Orange. The breach occurred on 16 January, and involved the loss of names, addresses, email addresses, phone numbers and 'household composition' for approximately 800,000 customers.

  3. Chaos Computer Club Files Criminal Complaint Against German Government

    Following its involvement in the complaint to the European Court over the UK government's use of mass surveillance via GCHQ, Germany's Chaos Computer Club has now filed a complaint with the Federal Prosecutor General's office against the German federal government alleging illegal covert activities.

  4. Bell Canada Hacked by NullCrew

    Bell Canada announced Sunday that "22,421 user names and passwords and 5 valid credit card numbers of Bell small-business customers were posted on the Internet this weekend." It claims that it was not directly breached, but that the "posting results from illegal hacking of an Ottawa-based third-party supplier." But there's more to the story.

  5. NSA/GCHQ Hacking Gets Personal: Belgian Cryptographer Targeted

    Belgian newspaper De Standaard reported Saturday that the federal prosecutor is investigating the hacking of Jean-Jacques Quisquater, a renowned cryptographer and professor at the Université catholique de Louvain, close to Brussels. The hack was discovered while the authorities were investigating the breach at Belgacom.

  6. Sex and Violence: Teens' Risky Online Behavior Increases Cyber-bullying

    Most parents worry about their kids’ online behavior, especially as news of Facebook suicide campaigns, sexting and other alarming digital phenomena dominate the headlines.

  7. Honey Encryption joins Honeywords and Honeypots in the Security Lexicon

    'Honey' is the traditional term used to indicate a 'decoy' in computing. Two researchers have now used the epithet to describe their process of hiding a true key within a large number of false keys, making brute forcing stolen databases considerably more tricky.

  8. Multi-platform Java Bot Provokes DDoS Floods

    A new malicious Java application aimed at fomenting widespread distributed denial-of-service (DDoS) attacks is making the rounds: a multi-platform bot capable of running on Windows, Mac OS and Linux.

  9. Google sells Motorola to Lenovo

    Patent stripping is a form of asset stripping – but less destructive. It seems to be what Google has done with Motorola. It bought Motorola for $12.5 billion in 2011, and announced an agreement yesterday to sell it to Lenovo for $2.91 billion – minus the patents.

  10. SpyEye Trojan Author Pleads Guilty As Charged

    The FBI announced yesterday that Aleksandr Andreevich Panin, aka 'Gribodemon' and 'Harderman' has pled guilty to charges accusing him of being the primary developer and distributor of the SpyEye banking trojan.

  11. Mozilla Patches Thunderbird Remote Exploit Vulnerability

    Mozilla Thunderbird, a free, open-source, cross-platform application for managing email and news feeds, has a critical validation and filter bypass vulnerability in version 17.0.6.

  12. The Blackholing Side-effect of IP Reputation Filtering

    A new report from a secure cloud hosting company shows that the effective use of IP reputation filtering creates an additional, or 'blackhole', layer of security. When probes from known attack sites return no response, the attackers don't probe deeper, they just give up and move on to an easier target.

  13. NSA and GCHQ Harvest User Data From Leaky Mobile Apps

    Security experts have long warned that users should be more concerned about the sometimes excessive personal data that some apps take from their hosts. Now it seems that criminals and advertisers are not the only people interested in this information: NSA and GCHQ have been developing the ability to take advantage of leaky mobile apps.

  14. Michaels Investigates Possible Data Breach

    Hard on the heels of Target and Neiman Marcus being hit with point-of-sale cyber-heists, another retailer is warning of a potential data breach. The arts-and-crafts supply purveyor Michaels has confirmed that it is working with the US Secret Service to investigate whether fraudulent activity on some payment cards used at its stores is a sign of a larger compromise of its systems.

  15. 13 Indicted for Stealing $2 Million in Gas Pump Skimming Scam

    Paying for gas at the pump has become a way of life, but even this innocuous activity can open consumers up to identity theft. Case in point: thirteen defendants are facing a whopping 426-count indictment in Manhattan for stealing more than $2 million by way of skimming devices at gas stations throughout the Southern United States.

  16. 74,000 Data Records Breached on Stolen Coca-Cola Laptops

    Coca-cola admitted Friday to the theft of an unspecified number of laptops containing personal information on 74,000 individuals – including, it turns out, variously social security numbers, driving license details, salaries, and ethnicity; but fewer than ten credit card numbers. Data loss prevention, it would appear, was not in operation.

  17. Multiple Hacker Arrests in Collaborative International Operation

    The FBI announced Friday that it had arrested two operators of a US-based e-mail hacking website, and three customers of foreign e-mail hacking sites. Operators of foreign e-mail hacking sites were arrested by national authorities in Romania, India and China in what is believed to be the first joint operation involving these four countries.

  18. Syrian Electronic Army Escalated Tactics Over 2013; Poised for More this Year

    The hacktivist group known as the Syrian Electronic Army was a particularly active adversary in the second half of 2013, and remains one of the top global threat actors to watch in the coming year as the Syrian conflict drags on – not least because of the group’s ability to morph its techniques to keep things interesting.

  19. New Android Malware Intercepts Calls and Texts

    Mobile malware victims may have several reactions upon discovering a smartphone infection, but chuckling is likely not one of them. Nonetheless, a new Android malware threat dubbed "HeHe" has been identified that steals text messages and intercepts and disconnects phone calls.

  20. Energetic (Russian) Bear Attacking Western Energy Sector

    Energetic Bear is the name given to a hacking group, most likely Russian, that appears to be primarily targeting the western energy sector. Although only one part of a new Global Threat Report for 2013, it is the part attracting most attention and interest: Russia is potentially joining China (and the NSA) as an alleged source of state-sponsored espionage.

Why Not Watch?

  1. Modernizing GRC: From Checkbox to Strategic Advantage

  2. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  3. Mastering AI Security With ISACA’s New AAISM Certification

  4. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

What’s Hot on Infosecurity Magazine?