Infosecurity News

  1. Multiple Hacker Arrests in Collaborative International Operation

    The FBI announced Friday that it had arrested two operators of a US-based e-mail hacking website, and three customers of foreign e-mail hacking sites. Operators of foreign e-mail hacking sites were arrested by national authorities in Romania, India and China in what is believed to be the first joint operation involving these four countries.

  2. Syrian Electronic Army Escalated Tactics Over 2013; Poised for More this Year

    The hacktivist group known as the Syrian Electronic Army was a particularly active adversary in the second half of 2013, and remains one of the top global threat actors to watch in the coming year as the Syrian conflict drags on – not least because of the group’s ability to morph its techniques to keep things interesting.

  3. New Android Malware Intercepts Calls and Texts

    Mobile malware victims may have several reactions upon discovering a smartphone infection, but chuckling is likely not one of them. Nonetheless, a new Android malware threat dubbed "HeHe" has been identified that steals text messages and intercepts and disconnects phone calls.

  4. Energetic (Russian) Bear Attacking Western Energy Sector

    Energetic Bear is the name given to a hacking group, most likely Russian, that appears to be primarily targeting the western energy sector. Although only one part of a new Global Threat Report for 2013, it is the part attracting most attention and interest: Russia is potentially joining China (and the NSA) as an alleged source of state-sponsored espionage.

  5. World Economic Forum Website Faces Vulnerabilities, Just in Time for Davos

    This week, economic and political movers and shakers are set to descend upon Davos, the Swiss ski resort that annually hosts what is arguably one of the most important international confabs in existence: the World Economic Forum. Unfortunately, virtual visitors have more than raclette and high finance to consider: the Forum's website has three known cross-site scripting errors, along with privacy concerns.

  6. Credit Card Details of 20 Million South Koreans Stolen

    In a classic 'insider' breach, an employee of the Korea Credit Bureau (KCB) has been arrested for stealing and later selling the personal details of millions of South Koreans to phone marketing companies. The Financial Supervisory Service (FSS) has said that the credit card firms will cover any financial losses suffered by customers through this incident.

  7. Judge Rules That Google Can Be Sued By Brits In British Courts

    In an important ruling, Mr Justice Tugendhat has cleared the way for the group of Brits known as Safari Users Against Google's Secret Tracking to sue Google in the the British courts. Google had argued that the case should be heard in the US. Mr Justice Tugendhat disagrees.

  8. Cisco Small Biz Wi-Fi Products Remotely Vulnerable

    Popular Cisco Wi-Fi routers for small and medium-sized businesses are in the cross-hairs thanks to a vulnerability that could allow an unauthenticated, remote attacker to gain root-level access to an affected device – and from there intercept information from devices that attach to it.

  9. Trojan Minecraft App Version Uses Smalihook to Defeat Certificate Signing

    A false version of the popular Android Minecraft PE app is being sold via Russian app stores for around half the price of the official app. Since third party app stores are not generally as thorough as Google's Play Store at finding and removing bad apps, they have become a popular means for distributing cloned and compromised apps.

  10. US-CERT Warns of NTP Amplification Attack Surge

    Network Time Protocol (NTP) amplification attacks, an emerging form of distributed denial-of-service (DDoS) that relies on the use of publicly accessible servers, is starting to make the rounds, US-CERT is warning.

  11. Stroz Friedberg Snaps Up Financial Investigations Firm

    The recent acquisition of Tyrian Partners by Stroz Friedberg aims to strengthen international forensic accounting services offered by the multinational forensic investigations specialist.

  12. Patch Tuesday Preview: January 2014

    Microsoft is extending the holiday period for Sys Admins this month: there are only four bulletins in January's Patch Tuesday; and not a single one marked 'critical'. Two, however, will require a restart, while the other two 'may' require a restart – so there will still be a degree of disruption involved.

  13. Two Thirds of Personal Banking Apps Found Full of Vulnerabilities

    A researcher looked at the security of home banking apps, and found shocking results. Forty home banking apps from the top 60 most influential banks in the world were tested and found to have major security weaknesses.

  14. Narrative Authentication Builds Storytelling into Logins

    Keywords, passphrases, 25-digit alphanumeric codes, picture recognition, biometrics –authentication is a notoriously difficult thing to effect while thwarting hackers the majority of the time, given the boundaries of human memory and the rampant presence of human error. To that end, a group of researchers have proposed a new sort of authentication approach that relies on personal stories.

  15. Hacker Nabs Downton Abbey Season Finale Script

    “Guccifer,” a hacker known for lifting high-profile information from A-listers, has managed to nab the script for Downton Abbey’s season finale, while also targeting emails of various other celebrities.

  16. SAP Combines MDM with NAC to Solve its Own Mobile Security Challenges

    Mobile device management (MDM) systems are gaining rapid adoption among enterprises that wish to better manage the increasing number of smartphones and tablets being used in corporate environments.

  17. 2014: ‘The Year of Encryption?’

    Will 2014 see a big uptick in the use of biometric technologies, strong encryption, a rash of new key technologies and more? Some say that the era of having unencrypted data traffic flowing freely inside enterprises will likely soon come to a crashing halt, helped along by the US government, the Apple iPhone and other drivers.

  18. US Backdoors in French Satellites Threatens Billion Dollar Deal With the UAE

    A deal for two French Falcon Eye spy satellites, where cameras can detect very small objects on the ground, is in jeopardy after the UAE buyers claimed they contain US-made parts that are considered 'security compromising components.'

  19. Yahoo Has Been Serving Malware To Its Users

    On Friday 3 January, Dutch security firm Fox-IT detected malicious activity on some of its clients' networks – with a common factor: they had all previously visited yahoo.com. Further investigation revealed malvertising on the Yahoo site – and it is possible that millions of users have been infected via Yahoo.

  20. The Ubiquitous SD Cards can be Hacked to Deliver a MITM Attack

    Two researchers, Andrew 'bunnie' Huang, and Sean 'xobs' Cross, gave a talk at the Chaos Computer Congress describing how the ubiquitous flash memory card can be used to deliver a MITM attack against its host system. The problem is that SD cards are simply trusted, when perhaps they should not be.

Why Not Watch?

  1. Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

  2. Audit & Compliance in the Era of AI and Emerging Technology

  3. Securing M365 Data and Identity Systems Against Modern Adversaries

  4. How To Enhance Security Operations with AI-Powered Defenses

What’s Hot on Infosecurity Magazine?