Infosecurity News

  1. Boston Restaurant Group Hit by Data Breach

    Customers at eight Boston-area dining establishments owned by the Briar Group may have had their credit and debit card data stolen. The mix of restaurants and Irish-style pubs are popular around the metro area, and include Anthem, City Bar, City Table, MJ O'Connor's, Ned Devine's, Solas, The Green Briar and The Harp.

  2. 4.6 Million Snapchat Usernames and Phone Numbers Leaked

    Back in August, GibsonSec warned that Snapchat's API was insecure, and offered to help. It got no response, other than Snapchat adding some security features and implying it was safe. Apparently frustrated, GibsonSec published full details on Christmas Day.

  3. Syrian Electronic Army Hacks Skype – Allegedly

    Reports have emerged this morning about a short-lived hack of Skype's Twitter and WordPress accounts by the Syrian Electronic Army. No evidence of the hack remains, although screenshots purportedly demonstrate that it happened. Unusually, it is in protest of NSA surveillance and alleged Microsoft complicity, rather than Western involvement in Syria.

  4. CryptoLocker's Ransom Haul Potentially Close to $1 Million in 100 Days

    CryptoLocker, the ransomware that uses a public-private key combo to potentially lock out victims from their files forever, has been striking since mid-September. And since it made its debut, it’s managed to make off with at least $300,000, one $300-or-less ransom payment at a time.

  5. Global Stock Exchanges Band Together on Cybersecurity Initiative

    A worldwide group of top stock exchanges have gotten together to launch the industry’s first cybersecurity committee, with a mission to aid in the protection of global capital markets.

  6. RSA Received $10 Million from the NSA to Make Flawed Crypto its Default Offering

    The accusation, made Friday by Reuters, is that "RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software."

  7. UK's ICO Issues Guidelines for an 'Appy' Christmas

    The UK’s Information Commissioner’s Office (ICO) is warning consumers to protect their personal information when downloading mobile apps, ahead of the busiest day of the year for app downloads. In tandem, it also issued guidance to help developers look after people’s information correctly and comply with the UK's Data Protection Act.

  8. Target Breach Affecting 40 Million Was Likely an Inside Job

    The US, originator of Black Friday holiday sales and the dubious homeland of in-store, post-Thanksgiving brawls over hot toys (remember Tickle-Me Elmo?), has been hit with the largest retail breach of credit and debit card information of 2013. In fact, at 40 million affected and counting, the security incident at Target may be one of the largest retail breaches ever.

  9. Industry Predictions for 2014; Part 3: The Effect and Influence of Government

    In Part 3 of our week-long look at industry predictions, we examine the effect and influence of government. There are two primary aspects: the influence of government (regulations); and the effect of government (which has been shown in the latter half of 2013 to have turned the internet into its own private surveillance machine).

  10. Bruce Schneier Leaves BT

    Bruce Schneier, BT's security futurologist, is leaving the company after eight years. In June 2013 he joined the board of digital rights firm Electronic Frontier Foundation, and has – since the Snowden revelations began – been a fierce critic of NSA/GCHQ mass surveillance. With BT increasingly implicated in GCHQ collaboration, it has become clear that the two positions are incompatible.

  11. Big Botnet, Posing as Firefox Add-on, Scans Web for SQL Vulnerabilities

    A slaving operation masquerading as a legitimate add-on for the Mozilla Firefox browser has created a 12,500-PC strong botnet army whose purpose is to find exploitable websites.

  12. Department of Energy Failed to Address Known Cybersecurity Weaknesses

    The US Department of Energy’s failure to address known cybersecurity weaknesses was a direct cause of a July 2013 data breach that affected more than 104,000 individuals, according to federal auditors.

  13. 61.5% Web Traffic Comes from Bots

    The internet is a pretty busy place, with traffic increasing year over year exponentially. According to the Cisco Visual Networking Index, global IP traffic has increased more than fourfold in the past five years, and will increase threefold in the coming five years. Overall, IP traffic will grow at a compound annual growth rate (CAGR) of 23% from 2012 to 2017. And yet, most of that traffic will be non-human in origin.

  14. China's Plot to Brick the US Economy

    NSA Information Assurance Director Debora Plunkett made a remarkable accusation on CBS 60 Minutes: the NSA had spotted and foiled a plot to unleash a supervirus capable of bricking computers. "The attack would have been disguised as a request for a software update," she told CBS. "If the user agreed, the virus would’ve infected the computer... Think about the impact of that across the entire globe. It could literally take down the U.S. economy."

  15. Disqus May Not Have Been Hacked; But It Was Certainly Exploited

    Earlier this week a politically motivated group of Swedish investigative journalists linked some supposedly anonymous right-wing comments posted via Disqus to their actual authors. While several of the authors freely admitted to the posts, it also led to a few resignations from the far-right Sweden Democrat political party.

  16. 100% of Top Paid Android Apps Have Been Hacked

    Word that mobile malware is rather pervasive has been making the rounds for months, but a new report has found that a shocking 100% of the Top 100 paid Android apps and 56% of the Top 100 paid Apple iOS apps have been hacked. Averaged together, users have a 78% chance of running into an app that has been compromised at some point.

  17. 64-bit, Tor-enabled Zeus Variant Spotted in the Wild

    Perhaps it was inevitable, but a 64-bit version of the Zeus banking trojan has been spotted in the wild – and it now comes enhanced with Tor.

  18. Sweden's Intelligence Agency has Access to NSA's XKeyscore system

    Sweden has sometimes been called the 'Sixth Eye' – referring to the English-speaking Five Eyes SIGINT alliance – suggesting a close working relationship between Sweden's FRA and the NSA and GCHQ. New documents suggest that it has access to the XKeyscore tool, and has helped in the Quantum hacking program.

  19. Hacked WordPress Site Hosts Thousands of Links to Pharmacy Scams

    The issue of hacked WordPress sites continues to persist, as evidenced by one victimized URL being used to host links to thousands if not millions or billions of shady pharmaceutical sites without the knowledge of the owners.

  20. Patch Tuesday: December 2013

    Eleven Microsoft bulletins including ten critical vulnerabilities – some of which are already being actively exploited – affecting all supported versions of Windows, Office, SharePoint, Exchange, and Lync make for a busy last month of a busy year (106 bulletins all told) for sys admins.

Why Not Watch?

  1. Modernizing GRC: From Checkbox to Strategic Advantage

  2. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

  3. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  4. Audit & Compliance in the Era of AI and Emerging Technology

What’s Hot on Infosecurity Magazine?