Infosecurity News

  1. 64-bit, Tor-enabled Zeus Variant Spotted in the Wild

    Perhaps it was inevitable, but a 64-bit version of the Zeus banking trojan has been spotted in the wild – and it now comes enhanced with Tor.

  2. Sweden's Intelligence Agency has Access to NSA's XKeyscore system

    Sweden has sometimes been called the 'Sixth Eye' – referring to the English-speaking Five Eyes SIGINT alliance – suggesting a close working relationship between Sweden's FRA and the NSA and GCHQ. New documents suggest that it has access to the XKeyscore tool, and has helped in the Quantum hacking program.

  3. Hacked WordPress Site Hosts Thousands of Links to Pharmacy Scams

    The issue of hacked WordPress sites continues to persist, as evidenced by one victimized URL being used to host links to thousands if not millions or billions of shady pharmaceutical sites without the knowledge of the owners.

  4. Patch Tuesday: December 2013

    Eleven Microsoft bulletins including ten critical vulnerabilities – some of which are already being actively exploited – affecting all supported versions of Windows, Office, SharePoint, Exchange, and Lync make for a busy last month of a busy year (106 bulletins all told) for sys admins.

  5. Obamacare-baited Malware Scam Mashes Up iPhones, Video Players

    The old adage of "if it’s too good to be true that it usually is," continues to hold water. An elaborate social engineering lure using the Affordable Care Act as bait is unfolding, with the end goal of serving up an executable file containing malware.

  6. Cyber-espionage Campaign Ahead of G20 Summit Compromised Several European Ministries

    Ahead of the G20 summit in Russia in late summer, a group of perpetrators (who may be Chinese) carried out a targeted attack on diplomatic missions, including ministries of foreign affairs (MFA), using the crisis in Syria as social engineering bait.

  7. Major Browsers Block an Improperly Issued Certificate

    SSL certificates are designed to provide trust in the internet. They are issued by trusted Certificate Authorities to prove that a site is indeed the site it claims to be. But if a certificate is forged, lost, or improperly issued, it provides false trust that can lead to man-in-the-middle cyber attacks.

  8. NSA/GCHQ Turn World of Warcraft into World of Spycraft

    Online gamers use false names and characters to meet, chat and interact with other people from all over the world anonymously. NSA and GCHQ began to suspect that criminals and terrorists were using these virtual worlds, such as World of Warcraft, XBox Live and Second Life to 'hide in plain site' – and began a concerted effort to infiltrate gaming.

  9. FBI Can Activate Webcams Remotely Without the Light Coming On

    Whether hackers are able to remotely switch on victims' webcams without the camera light giving the game away has been the subject of some debate. Now we learn that not only can it be done, it is done by the FBI.

  10. Lawyer Throws Spanner in EU Data Protection Regulation

    Two months after European justice ministers agreed the principle of the 'one-stop-shop' for data protection rulings, Hubert Legal (head of legal services for the European Council; that is, the member states) declared it would be a bad outcome likely in breach of European human rights.

  11. Dexter POS Malware Returns to Target Holiday Shoppers

    At least three distinct versions of the Dexter point of sale (POS) malware are making the rounds this holiday season, designed to steal credit and debit card data from unwitting shoppers.

  12. 2 Million-Strong ZeroAccess Botnet Disrupted by Microsoft and Law Enforcement

    An international cooperative effort involving Microsoft, the FBI, Europol and A10 Networks has disrupted the ZeroAccess (Sirefef) P2P ad fraud botnet. ZeroAccess is believed to use up to 800,000 out of a total of two million infected PCs at any time, mostly in the US and Europe, capable of stealing $2.7 million from online advertisers every month.

  13. SkyJack: For Taking Over and Zombifying Drones

    Amazon made headlines this week with the news that its experimenting with using airborne drones to deliver goods within 30 minutes of order. What could possibly go wrong? Infamous hacker Samy Kamkar highlights one issue with the release of SkyJack – a drone that’s meant to take over other drones.

  14. German Police Arrest Two Bitcoin-mining Botnet Operators

    Two alleged hackers have been arrested in Bavaria and Lower Saxony on suspicion of operating a botnet of compromised PCs to perform bitcoin mining. In related raids, the authorities discovered bitcoins currently valued at around €700,000 and evidence of other criminal activity involving copyright and pornography offenses.

  15. Cameron Says China Should Be More Open About Cyber-spying, but Guardian Should be Less

    In Beijing, UK Prime Minister David Cameron has challenged the Chinese Government to discuss its industrial-scale cyber-espionage, while in London the Guardian is under legal threat for disclosing GCHQ's own efforts in this area.

  16. ENISA Issues Good Practice Guide for Industrial Control System CERTs

    The European Network and Information Security Agency (ENISA) has published a good practice guide designed to help the critical infrastructure mitigate cyber-attacks against the industrial control systems supporting vital industry processes.

  17. Simple Yet Elegant Card Skimmer Goes on Sale in Time for the Holidays

    A new point-of-sale (POS) skimmer, used for lifting credit card details and PIN data at retail locations, has gone on sale for thousands of dollars on semi-private underground crime forums. The skimmer is notable in that it can be installed and removed in the blink of an eye.

  18. 700 Domains seized by ICE, Europol and Hong Kong Customs on Cyber Monday

    This year's Cyber Monday, traditionally the start of the holiday online shopping season, marked the end of it for more than 700 websites involved in selling counterfeit merchandise – all seized in a joint operation between ICE (297), Europol (393) and Hong Kong Customs (16).

  19. Javascript Sidedoors Vulnerability Affects Thousands of Mobile Apps

    This story has been temporarily removed, due to dispute with the report the story was based on. We are awaiting amends from the report authors before re-posting an updated story.

  20. FBI Issues Warning on 'Man-in-the-E-mail' Fraud Attacks

    Man-in-the-email is a variation on the man-in-the-middle attack. In this fraud the attacker takes an e-mail position between a buyer and seller, and is able to defraud the buyer out of funds and the seller out of goods. The FBI knows at least three US companies tricked by such a scam in 2013.

Why Not Watch?

  1. Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

  2. How To Enhance Security Operations with AI-Powered Defenses

  3. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  4. Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

What’s Hot on Infosecurity Magazine?