Infosecurity News

  1. NSA and GCHQ Harvest User Data From Leaky Mobile Apps

    Security experts have long warned that users should be more concerned about the sometimes excessive personal data that some apps take from their hosts. Now it seems that criminals and advertisers are not the only people interested in this information: NSA and GCHQ have been developing the ability to take advantage of leaky mobile apps.

  2. Michaels Investigates Possible Data Breach

    Hard on the heels of Target and Neiman Marcus being hit with point-of-sale cyber-heists, another retailer is warning of a potential data breach. The arts-and-crafts supply purveyor Michaels has confirmed that it is working with the US Secret Service to investigate whether fraudulent activity on some payment cards used at its stores is a sign of a larger compromise of its systems.

  3. 13 Indicted for Stealing $2 Million in Gas Pump Skimming Scam

    Paying for gas at the pump has become a way of life, but even this innocuous activity can open consumers up to identity theft. Case in point: thirteen defendants are facing a whopping 426-count indictment in Manhattan for stealing more than $2 million by way of skimming devices at gas stations throughout the Southern United States.

  4. 74,000 Data Records Breached on Stolen Coca-Cola Laptops

    Coca-cola admitted Friday to the theft of an unspecified number of laptops containing personal information on 74,000 individuals – including, it turns out, variously social security numbers, driving license details, salaries, and ethnicity; but fewer than ten credit card numbers. Data loss prevention, it would appear, was not in operation.

  5. Multiple Hacker Arrests in Collaborative International Operation

    The FBI announced Friday that it had arrested two operators of a US-based e-mail hacking website, and three customers of foreign e-mail hacking sites. Operators of foreign e-mail hacking sites were arrested by national authorities in Romania, India and China in what is believed to be the first joint operation involving these four countries.

  6. Syrian Electronic Army Escalated Tactics Over 2013; Poised for More this Year

    The hacktivist group known as the Syrian Electronic Army was a particularly active adversary in the second half of 2013, and remains one of the top global threat actors to watch in the coming year as the Syrian conflict drags on – not least because of the group’s ability to morph its techniques to keep things interesting.

  7. New Android Malware Intercepts Calls and Texts

    Mobile malware victims may have several reactions upon discovering a smartphone infection, but chuckling is likely not one of them. Nonetheless, a new Android malware threat dubbed "HeHe" has been identified that steals text messages and intercepts and disconnects phone calls.

  8. Energetic (Russian) Bear Attacking Western Energy Sector

    Energetic Bear is the name given to a hacking group, most likely Russian, that appears to be primarily targeting the western energy sector. Although only one part of a new Global Threat Report for 2013, it is the part attracting most attention and interest: Russia is potentially joining China (and the NSA) as an alleged source of state-sponsored espionage.

  9. World Economic Forum Website Faces Vulnerabilities, Just in Time for Davos

    This week, economic and political movers and shakers are set to descend upon Davos, the Swiss ski resort that annually hosts what is arguably one of the most important international confabs in existence: the World Economic Forum. Unfortunately, virtual visitors have more than raclette and high finance to consider: the Forum's website has three known cross-site scripting errors, along with privacy concerns.

  10. Credit Card Details of 20 Million South Koreans Stolen

    In a classic 'insider' breach, an employee of the Korea Credit Bureau (KCB) has been arrested for stealing and later selling the personal details of millions of South Koreans to phone marketing companies. The Financial Supervisory Service (FSS) has said that the credit card firms will cover any financial losses suffered by customers through this incident.

  11. Judge Rules That Google Can Be Sued By Brits In British Courts

    In an important ruling, Mr Justice Tugendhat has cleared the way for the group of Brits known as Safari Users Against Google's Secret Tracking to sue Google in the the British courts. Google had argued that the case should be heard in the US. Mr Justice Tugendhat disagrees.

  12. Cisco Small Biz Wi-Fi Products Remotely Vulnerable

    Popular Cisco Wi-Fi routers for small and medium-sized businesses are in the cross-hairs thanks to a vulnerability that could allow an unauthenticated, remote attacker to gain root-level access to an affected device – and from there intercept information from devices that attach to it.

  13. Trojan Minecraft App Version Uses Smalihook to Defeat Certificate Signing

    A false version of the popular Android Minecraft PE app is being sold via Russian app stores for around half the price of the official app. Since third party app stores are not generally as thorough as Google's Play Store at finding and removing bad apps, they have become a popular means for distributing cloned and compromised apps.

  14. US-CERT Warns of NTP Amplification Attack Surge

    Network Time Protocol (NTP) amplification attacks, an emerging form of distributed denial-of-service (DDoS) that relies on the use of publicly accessible servers, is starting to make the rounds, US-CERT is warning.

  15. Stroz Friedberg Snaps Up Financial Investigations Firm

    The recent acquisition of Tyrian Partners by Stroz Friedberg aims to strengthen international forensic accounting services offered by the multinational forensic investigations specialist.

  16. Patch Tuesday Preview: January 2014

    Microsoft is extending the holiday period for Sys Admins this month: there are only four bulletins in January's Patch Tuesday; and not a single one marked 'critical'. Two, however, will require a restart, while the other two 'may' require a restart – so there will still be a degree of disruption involved.

  17. Two Thirds of Personal Banking Apps Found Full of Vulnerabilities

    A researcher looked at the security of home banking apps, and found shocking results. Forty home banking apps from the top 60 most influential banks in the world were tested and found to have major security weaknesses.

  18. Narrative Authentication Builds Storytelling into Logins

    Keywords, passphrases, 25-digit alphanumeric codes, picture recognition, biometrics –authentication is a notoriously difficult thing to effect while thwarting hackers the majority of the time, given the boundaries of human memory and the rampant presence of human error. To that end, a group of researchers have proposed a new sort of authentication approach that relies on personal stories.

  19. Hacker Nabs Downton Abbey Season Finale Script

    “Guccifer,” a hacker known for lifting high-profile information from A-listers, has managed to nab the script for Downton Abbey’s season finale, while also targeting emails of various other celebrities.

  20. SAP Combines MDM with NAC to Solve its Own Mobile Security Challenges

    Mobile device management (MDM) systems are gaining rapid adoption among enterprises that wish to better manage the increasing number of smartphones and tablets being used in corporate environments.

Why Not Watch?

  1. The Intelligence Edge: Clarity, Context and the Human Advantage in Modern CTI

  2. Securing M365 Data and Identity Systems Against Modern Adversaries

  3. The Cloud Risk Nobody Talks About: Why Resilience‑Focused Cloud Design Is Your Best Defense Against Modern Attacks

  4. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

What’s Hot on Infosecurity Magazine?