Infosecurity News

  1. Javascript Sidedoors Vulnerability Affects Thousands of Mobile Apps

    This story has been temporarily removed due to a dispute with the report the story was based on. We are awaiting amendments from the report authors before re-posting an updated story.

  2. FBI Issues Warning on 'Man-in-the-E-mail' Fraud Attacks

    Man-in-the-email is a variation on the man-in-the-middle attack. In this fraud the attacker takes an e-mail position between a buyer and seller, and is able to defraud the buyer out of funds and the seller out of goods. The FBI knows of at least three US companies tricked by such a scam in 2013.

  3. Bitcoin Mining: There's a Right Way and a PUP Way

    With the value of bitcoins having tipped $1000, bitcoin mining is increasingly attractive; but it is also resource-intensive, and the 'bounty' earned by miners is dropping. One company has built a specialist data center to do the mining; another dubiously harnesses the power of its users' PCs.

  4. 90,000 Patients Compromised at UW Medicine

    The University of Washington Medical Center (UW Medicine) was breached in October, with data of up to 90,000 patients of the Harborview Medical Center and University of Washington Medical Center affected. No medical data was stolen, but SSNs may have been lost.

  5. Blackshades RAT Has a Resurgence

    A prominent remote administration tool (RAT) known as Blackshades is seeing an uptick lately, despite one of its authors having been arrested last year.

  6. The Paradox of OSS: More Secure by Definition; Often Less Secure in Use

    One side-effect of the Snowden revelations and rumors and accusations of government-inspired backdoors in mainstream software products is increased interest in open source software (OSS). But while OSS comes with more inherent trust, it is often used with less security.

  7. Defeating Eavesdropping in Wireless Communications

    While it is possible – to some degree – to protect a physical cable, wireless communications are out in the open, ready to be plucked from the air. Encryption has been considered the only way to protect wireless data – until now.

  8. Mass Surveillance: EU Gets More Cooperation From Washington Than London

    It was clear last week that the European Parliament's demand for legal redress in US courts for Europeans whose rights may have been infringed by US surveillance would be a sticking point in negotiations between the EU and US over data sharing. Now commissioner Reding has made it clear that her concerns are more widespread.

  9. AutoCAD Malware Targets Industrial Espionage

    Historically, AutoCAD malware is very rare, although not completely unheard of – there was an attack last year that targeted users mostly in Peru, for example. A new bug is now making the rounds, targeting these graphics and engineering platforms with exploits targeting old vulnerabilities. The goal is industrial espionage, but it could take a multi-layer infection to do it.

  10. Thanksgiving and Cyber Monday Approach: Watch Your Employees

    Door-busters, Black Friday, Cyber Monday: According to Visa, 140 million people plan to shop over Thanksgiving weekend this year – a significant decrease from the 247 million who did so in 2012. Nonetheless, 37% of Americans said they will shop on Black Friday, while 34% plan to shop on Cyber Monday. And that means security risk for companies, whose employees will undoubtedly be shopping online during work hours.

  11. i2Ninja Banking Trojan Uses Tor-like P2P Encryption

    Banking trojans continue to be the scourge of the web, with Zeus, Citadel, Ramnit, Spyeye and others continuing to infect machines on a widespread basis. But a new offering has been uncovered in a Russian cybercrime forum, a malware variant that, until now, has been working incognito – the i2Ninja malware.

  12. PayPal Vulnerabilities – Just How Serious Were They?

    Last week, German security company Vulnerability Lab published details on the Full Disclosure mailing list about a series of bugs it had discovered in PayPal. These were a persistent payment mail encoding vulnerability; a persistent search vulnerability; a persistent POST inject vulnerability; and a China - redirect web vulnerability.

  13. NSA Has Hacked 50,000 Computers Globally

    New revelations published by the Dutch newspaper NRC indicate that the NSA's Tailored Access Operations (TAO) may have infected more than 50,000 computer networks around the world with spyware that it can turn on and off at will remotely.

  14. Racing Post Breached; Users' Passwords Stolen

    Racing Post, a British horse racing, greyhound racing and betting newspaper, announced Sunday that its website had been breached and usernames, first and last names, passwords, email addresses and dates of birth have been stolen.

  15. GitHub Resets Passwords After Mass-scale Brute-force Attack

    A methodical brute-force password-guessing attack on web hosting development site GitHub has resulted in a mass password reset and the revocation of various security authorizations.

  16. Symantec Finds the Early Stages of a Server-based Botnet Build

    Trojan backdoors have traditionally attacked desktop and now mobile computers. In recent months, however, attackers have started to target servers. Two typical purposes are to use server bandwidth for powerful distributed denial-of-service (DDoS) campaigns and to use the server to compromise web pages to deliver drive-by or water hole attacks against visitors.

  17. Anonymous Said to be Exploiting ColdFusion in Government Hacks

    The ongoing cyber-attacks by Anonymous on US government websites are being made possible thanks to an exploit for Adobe ColdFusion.

  18. Lenovo Network Storage Flaw Revealed, and Patched

    A new vulnerability in Lenovo network storage devices has been uncovered. The flaw can potentially be exploited by an attacker to gain unauthorized remote read-only access to network-attached storage (NAS) shares.

  19. Botnet Takedowns: Effective or Deceptive?

    This year has seen a few high-profile wins for the good guys in the form of botnet takedowns, especially those by Microsoft and Symantec earlier this year. But at least one security researcher is warning against rejoicing too heartily: the takedowns, he said, do little to make an impact on web safety for end users – and actually point out ongoing industry weakness in being able to mitigate bots.

  20. Is there a vBulletin Zero-day Out There?

    Last Thursday the Inj3ct0r Team hacking group claimed on Twitter, "Inj3ct0r Team hacked http://vBulletin.com and http://Macrumors.com." By Friday vBulletin admitted the breach, and on Monday it was reported that a zero-day vulnerability used against both MacRumors and vBulletin had been put on sale by Inj3ct0r.
