Infosecurity News

Defeating Eavesdropping in Wireless Communications
While it is possible – to some degree – to protect a physical cable, wireless communications are out in the open, ready to be plucked from the air. Encryption has been considered the only way to protect wireless data – until now.

Mass Surveillance: EU Gets More Cooperation From Washington Than London
It was clear last week that the European Parliament's demand for legal redress in US courts for Europeans whose rights may have been infringed by US surveillance would be a sticking point in negotiations between the EU and US over data sharing. Now commissioner Reding has made it clear that her concerns are more widespread.

AutoCAD Malware Targets Industrial Espionage
Historically, AutoCAD malware is very rare, although not completely unheard of – there was an attack last year that targeted users mostly in Peru, for example. A new bug is now making the rounds, hitting these graphics and engineering platforms with exploits for old vulnerabilities. The goal is industrial espionage, but it could take a multi-layer infection to do it.

Thanksgiving and Cyber Monday Approach: Watch Your Employees
Door-busters, Black Friday, Cyber Monday: According to Visa, 140 million people plan to shop over Thanksgiving weekend this year – a significant decrease from the 247 million who did so in 2012. Nonetheless, 37% of Americans said they will shop on Black Friday, while 34% plan to shop on Cyber Monday. And that means security risk for companies, whose employees will undoubtedly be shopping online during work hours.

i2Ninja Banking Trojan Uses Tor-like P2P Encryption
Banking trojans continue to be the scourge of the web, with Zeus, Citadel, Ramnit, SpyEye and others infecting machines on a widespread basis. But a new offering has been uncovered in a Russian cybercrime forum, a malware variant that, until now, has been working incognito – the i2Ninja malware.

PayPal Vulnerabilities – Just How Serious Were They?
Last week, German security company Vulnerability Lab published details on the Full Disclosure mailing list about a series of bugs it had discovered in PayPal. These were a persistent payment mail encoding vulnerability; a persistent search vulnerability; a persistent POST inject vulnerability; and a China - redirect web vulnerability.

NSA Has Hacked 50,000 Computers Globally
New revelations published by the Dutch newspaper NRC indicate that the NSA's Tailored Access Operations (TAO) may have infected more than 50,000 computer networks around the world with spyware that it can turn on and off at will remotely.

Racing Post Breached; Users' Passwords Stolen
Racing Post, a British horse racing, greyhound racing and betting newspaper, announced Sunday that its website had been breached and that usernames, first and last names, passwords, email addresses and dates of birth had been stolen.

GitHub Resets Passwords After Mass-scale Brute-force Attack
A methodical brute-force password-guessing attack on web hosting development site GitHub has resulted in a mass password reset and the revocation of various security authorizations.

Symantec Finds the Early Stages of a Server-based Botnet Build
Trojan backdoors have traditionally attacked desktop and now mobile computers. In recent months, however, attackers have started to target servers. Two typical purposes are to use server bandwidth for powerful distributed denial-of-service (DDoS) campaigns and to use the server to compromise web pages to deliver drive-by or water hole attacks against visitors.

Anonymous Said to be Exploiting ColdFusion in Government Hacks
The ongoing cyber-attacks by Anonymous on US government websites are being made possible thanks to an exploit for Adobe ColdFusion.

Lenovo Network Storage Flaw Revealed, and Patched
A new vulnerability in Lenovo network storage devices has been uncovered. The flaw can potentially be exploited by an attacker to gain unauthorized remote read-only access to network-attached storage (NAS) shares.

Botnet Takedowns: Effective or Deceptive?
This year has seen a few high-profile wins for the good guys in the form of botnet takedowns, especially those by Microsoft and Symantec. But at least one security researcher is warning against rejoicing too heartily: the takedowns, he said, do little to make an impact on web safety for end users – and actually highlight an ongoing industry weakness in mitigating bots.

Is there a vBulletin Zero-day Out There?
Last Thursday the Inj3ct0r Team hacking group claimed on Twitter, "Inj3ct0r Team hacked http://vBulletin.com and http://Macrumors.com." By Friday vBulletin admitted the breach, and on Monday it was reported that a zero-day vulnerability used against both MacRumors and vBulletin had been put on sale by Inj3ct0r.

Millions in the UK Targeted by CryptoLocker Ransomware Spam
CryptoLocker, the ransomware menace that has been snowballing in profile of late, is stepping up its game even further. The UK’s National Crime Agency (NCA) is warning that its National Cyber Crime Unit is aware of a mass email spamming event that is affecting tens of millions of residents.

Cyber-risk Transparency Spurring Cyber-insurance Interest
US public companies are more forthcoming with details regarding their cybersecurity risk profiles – and more transparency regarding cyber-risk and cyber-attacks is expected to drive greater adoption of cyber-insurance as a means of demonstrating better corporate risk management.

FBI Issues New Warning on Continuing Anonymous Hacks
Back in August the FBI announced that it had neutralized Anonymous "because of the dismantlement of the largest players." This seemed to be confirmed with the October arrest of Brit Lauri Love for hacking thousands of networks including those of federal agencies.

BadBIOS – the God of Malware?
Over the past few weeks, Dragos Ruiu has provided details of a mystery infection that first attacked his computers some three years ago. He can't find it, he can't get rid of it, it survives reboots and clean installs, and seems to spread via wireless audio waves. It's either the God of Malware, an elaborate hoax, a publicity stunt – or Dragos Ruiu has gone mad.

Fidelity Investments Cyber-heist Suspects Arrested in California
Masterminds behind a large-scale cyber-heist at Fidelity Investments in California have been arrested.

Google Patches 12 Flaws, Pays $11K Bug Bounty in Chrome Update
Google has patched 12 security vulnerabilities in the latest version of its browser, Chrome 31, paying out almost $11,000 in bug bounties in the process.



