Infosecurity News

Java: Write Once, Pwn Anywhere
Just as a new report explains why Java vulnerabilities, despite Oracle's best efforts, remain the hackers' favored target, a Polish researcher discovers that the latest version, Java 7, is susceptible to a 10-year-old attack.

Rex Mundi Hackers Post Data Stolen from Numericable
Numericable is a cable TV company operating in France, Belgium and Luxembourg. Rex Mundi claimed to have stolen customer data and demanded €22,000 for its return. Numericable declined, and denied that the hackers had the data.

Tumblr Patches its iOS App After Password Vulnerability
A brief statement from Tumblr late on Tuesday confirmed that its iPhone and iPad apps had been updated to patch "an issue that allowed passwords to be compromised [sniffed] in certain circumstances."

GCHQ's Use of NSA's Prism Data is Legal, says UK
The legality of Prism in the US is a question for Congress and the US courts, says Sir Malcolm Rifkind, chairman of the UK's all-party Intelligence and Security Committee – but the acquisition of Prism data by GCHQ is done legally.

Dirty AndroRAT: New Tool Lets Anyone Trojanize Android Apps
Malware authors are ever-adaptable, as evidenced by the rise of remote access tools (RAT) written in Java that are capable of running on multiple operating systems. The Android mobile operating system has made its way into the RAT crosshairs, with a new “binder” for sale in the criminal underground that allows users to repackage and trojanize legitimate Android applications.

Mobiquant Invited by Japanese Government to Exhibit at IT pro EXPO
The France-based mobile security specialist will participate in Japan’s leading IT innovation trade event to demonstrate its security solutions.

Water Hole Replacing Spear-Phishing as State-Sponsored Weapon of Choice
Spear-phishing is an attack that attempts to ensnare a specific individual or group of victims via email; water hole attacks wait for the victim to come to the trap. Attackers – especially state-sponsored attackers – are increasingly turning to the latter as their weapon of choice.

Verizon Hack Turns Femtocells into Mobile Spy Stations
Femtocells are nice-to-have mini-cells that boost cellular coverage indoors, to prevent consumers from going down to one, slow bar inside a house or store. Verizon Wireless offers femtocells for home use, but it turns out they can do more than supercharge one’s 3G – the $250 gadgets can also be turned into mobile spy stations.

EXPIRO File Infector Variant Presents Unusual Threat Combo
A file infector malware recently discovered in the wild is exhibiting what security researchers are calling unusual characteristics stemming from an unexpected combination of threat techniques.

Goofing off at Work Can Lead to Malware Infections and Data Breaches
Surveys show that employees spend up to 30% of their working hours on private affairs. And all of those non-productive hours could translate to not just lost output, but actual negative equity in the form of malware attacks and hacking incidents.

Half-Life 3 Confirmed!
Half-Life is a popular game developed by Valve and available on the Steam gaming platform. Enthusiasts of Half-Life 2 have been waiting years for the next installment; long wanted but never delivered. Despite the 'confirmation', it still isn't.

Governments are Big Buyers of Zero-Day Flaws
The extent and sophistication of the market for zero-day vulnerabilities is becoming better understood. It appears that governments – especially the US, UK, Israel, Russia, India and Brazil – are among the biggest customers.

ICO Fines NHS Surrey £200,000
The UK's Information Commissioner has fined NHS Surrey £200,000 for not ensuring that patient data was completely removed from recycled PCs. Some of those PCs ended up on an online auction site.

Post-PRISM, Feds Have Been ‘Disinvited’ to Def Con Hacker Gathering
As the annual Def Con event prepares to launch in Las Vegas on August 1, 15,000 hackers are planning to descend onto the hot desert landscape. Organizers have however warned federal agents, government security staffers and law enforcement agents that their particular presence is not required.

Retina Scans? Yes Please! Just Not for Passwords or PINs
Cue the Mission Impossible theme: Europeans (especially the French) really like the idea of biometrics – ultraviolet fingerprint authentication, vein topography scans and the like – when it comes to slipping into secure corridors and preventing international criminals from moving across borders. But when it comes time to use them for ho-hum applications like password replacement? Not so much...

35,000 Unauthorized Logins at Konami Video Games Company
Konami Digital Entertainment announced on Wednesday that it had experienced 35,252 unauthorized logins (out of 3,945,927 attempts). This occurred within days of a similar experience at Nintendo.

Attackers Using Dropbox and Wordpress to Target, Disguise and Distribute
Trusted and popular cloud services Dropbox and Wordpress are being incorporated into sophisticated, targeted APT-style attacks by the same Chinese group thought to be behind the New York Times compromise late last year.

Hitachi ID Systems releases updated ID management offering
The Canada-based ID management specialist has unveiled a new release for its ID Management Suite, with additional features. The firm has also inked a deal with one of Europe’s leading telecommunications providers.

Morningstar Provides (some) Information About Breach
Morningstar Inc, an investment research firm, has disclosed a breach that compromised 2300 credit card details and possibly 182,000 user names and passwords; but the company has provided little additional information.

EMC's RSA Division Acquires the Aveksa IAM Company
Authentication lies at the heart of security -- ensuring that only authorized users can access relevant data is the basis of keeping data safe and companies compliant. This is the role of identity and access management (IAM) systems. But in recent years it has become increasingly difficult.



