Infosecurity News

  1. Industrial Sector's Confidence Outruns its Security Preparedness

    When it comes to industrial systems, manufacturers believe they’re doing well in terms of cybersecurity, even as data breaches are actually increasing. In an era of increasing cyber-espionage by state-sponsored attackers, PricewaterhouseCoopers (PwC) said that despite “significant security improvements, they have not kept pace with today’s determined adversaries” as they continue to “rely on yesterday’s security practices to combat today’s threats.”

  2. Was Nortel's Ottawa Campus bugged?

    On Monday of this week it was reported that listening devices had been found in the former Nortel campus – due to be occupied by the Canadian Department of National Defence (DND). DND has since denied this; but the accusation remains.

  3. Yahoo Swap Bug Bounty Tshirt for $15,000

    On Tuesday this week Infosecurity reported that Yahoo had offered the equivalent of $12.50 (being a voucher redeemable in the company shop) as a reward for responsibly disclosed vulnerabilities. Launch of a new Yahoo reward program has now been rushed forward.

  4. Silk Road Shut Down, and Dread Pirate Roberts Arrested

    Silk Road is perhaps the most infamous illicit marketplace on the hidden (dark) web. It has been seized and shutdown by the feds; and its owner, allegedly Ross William Ulbricht (aka Dread Pirate Roberts), has been arrested.

  5. NSA, DHS Retool Cybersecurity Curriculum Requirements

    Cybersecurity training programs at colleges and universities across the United States are being required to apply new curriculum standards established by the National Security Agency and the U.S. Department of Homeland Security.

  6. Fake Facebook Mobile Login Steals Credit Card Info

    A mobile phishing page is popping up that mimics the official Facebook mobile login page. In and of itself this is not a new gambit—but this particular phish looks to steal more than login credentials.

  7. LexisNexis Data Thieves Hack National White Collar Crime Center

    The National White Collar Crime Center (NW3C) - a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime - has been hacked, according to researcher Brian Krebs' investigation.

  8. Symantec Takes Down a Sizeable Chunk of the ZeroAccess Botnet

    The ZeroAccess botnet, the bandwidth-intensive bug that is known as the most pervasive bot around the world, has had some of the wind knocked out of it. Security firm Symantec has executed a sinkholing operation that took down more than half a million bots and made a serious dent to the number of bots controlled by the botmaster.

  9. APT Threat Actors Exploit IE Vulnerability

    An IE zero-day vulnerability only made public knowledge by Microsoft two weeks ago has already been used by multiple APT threat actors, including Deputy Dog, Taidoor, th3bug, and Web2Crew.

  10. Project Sonar Kicks Off Crowdsourced, Internet-Wide Security Scanning

    Crowdsourcing is being used for everything from start-up funding to news reporting, and it makes sense that the idea would make it to the security community. Rapid7 has kicked off Project Sonar, a collaborative effort to improve security through the active, comprehensive analysis of public networks. This includes running enormous scans across public internet-facing systems, organizing the results and sharing the data with the information security community.

  11. NSA Creates Detailed Graphical Analyses that Include Americans' Metadata

    The latest Edward Snowden leaks show that the NSA not merely collects metadata (everything about a communication excluding the content) from Americans and non-Americans alike, it generates automatic graphical analyses from that data.

  12. Britain's Defense Policy Adds Cyber Deterrence to Nuclear Deterrence

    "You deter people by having an offensive capability. We will build in Britain a cyber strike capability so we can strike back in cyber space against enemies who attack us," said UK Defence Secretary Philip Hammond.

  13. London Teenager Arrested in Connection with Spamhaus DDoS

    In March this year, anti-spam website Spamhaus suffered a distributed denial-of-service (DDoS) attack that peaked at 300 gigabits per second, the largest ever recorded and sufficient to disrupt the internet itself in some parts of Europe.

  14. (ISC)² Congress 2013: Financial Market Manipulation Poised as Next Wave in Cybercrime

    Scott Borg, the man who foresaw a Stuxnet-style cyber-attack years before it was discovered, has issued his latest prediction: manipulation of financial markets will be the long-term cybercrime wave of the future.

  15. Intermedia Buys UK Cloud SSO firm SaaSID

    Intermedia, a US provider of cloud-based business applications, has acquired SaaSID, a UK start-up that provides SSO across all cloud services from any device.

  16. The Five Personas of Cloud Adoption

    It is no longer enough to say that business comprises those who have adopted cloud technology and those who will adopt cloud technology. New research from NTT Com Security (erstwhile Integralis) describes five separate personas in attitude to cloud; although they still range from those that have yet to adopt to those that have totally embraced the new technology.

  17. In 2020, Cyberthreats Get Physical and the Internet of Things Opens Gaping Security Holes

    From cloud-powered denial-of-service attacks and Big Data vulnerabilities to bio-hacks that defeat authentication systems like fingerprint recognition, we are on the cusp of a brave new world of cyber-attack exploits, Europol warns.

  18. Companies' Cloud Risk Assessments Are Wildly Off

    Even as headlines focus on the security of one’s internet-based cloud communications, at least one study shows that organizations lack the information to understand and mitigate the broader set of risks posed by the use of cloud services. In fact, their assumptions about which services are risky to use tend to be significantly off.

  19. Icefog: APT Hackers for Hire and Deliveries to Order

    While traditional APTs attack high profile major industry targets with persistent and evasive malware, researchers have described a new approach: small scale, fast moving hackers that target the supply chain.

  20. Vulnerability: Javascript Allowed to Run in the Mailbox iOS App

    Mailbox has fixed a flaw in the Mailbox app client (that allows embedded Javascript to run) by filtering out JS code at the company's servers before the mail hits the client – all within 48 hours of full disclosure.

Why Not Watch?

  1. Mastering AI Security With ISACA’s New AAISM Certification

  2. How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

  3. Modernizing GRC: From Checkbox to Strategic Advantage

  4. Audit & Compliance in the Era of AI and Emerging Technology

What’s Hot on Infosecurity Magazine?