Infosecurity News

  1. Attack on South Korean targets part of a larger cyber-espionage campaign

    The March 20 cyber-attack on South Korean financial services and media firms, known as Dark Seoul, was thought to be significant not only for the high-profile nature of the targets but also for the use of a Master Boot Record (MBR) wiping functionality that erased the hard drives of infected PCs.

  2. Patch Tuesday preview: July 2013

    Microsoft will issue seven security bulletins in this month's Patch Tuesday tomorrow. Six are marked critical and one is marked important, heralding a busy period for both desktop and server admins.

  3. 99% of Android Devices Vulnerable to App Modification

    A stealth start-up founded last year has discovered and described a vulnerability that it claims affects 99% of all Android devices – in fact every device sold since Android 1.6 (Donut); that is, nearly 900 million devices.

  4. The European Parliament has voted in favor of a new directive on cybercrime

    By a vote of 541 to 91, with 9 abstentions, EC proposals for a directive on stiffer penalties across Europe for cybercriminals have been adopted by the European Parliament. Denmark has chosen to opt out of the directive, preferring to maintain its own system.

  5. Darkleech now delivering ransomware

    Darkleech compromises the Apache web servers that deliver a large part of the internet. It fetches an instance of the Blackhole exploit kit, which delivers the Nymaim ransomware. $300 to get your computer back.

  6. Ubisoft, maker of Assassin's Creed and Ghost Recon, breached

    Ubisoft, the French game company that asked Kaspersky Lab to make sure hacking in its upcoming Watch Dogs game looks real, got hacked for real with names, emails and passwords stolen.

  7. CEOP's annual report on the threat of child abuse

    The UK's Child Exploitation and Online Protection Centre (CEOP) has published the second of its annual Threat Assessment of Child Sexual Exploitation and Abuse reports.

  8. MI5 and GCHQ: Britain facing 70 advanced cyber attacks per month

    The UK’s MI5 and the Government Communications Headquarters (GCHQ) have revealed that according to their information-gathering activities, Britain faces around 70 sophisticated cyber-espionage operations per month against its government and industry networks.

  9. Europe furious over latest Snowden revelations

    Spiegel Online reported Saturday that it had seen Snowden documents indicating that the NSA had 'spied' on both the EU's diplomatic representation in Washington and its representation to the United Nations.

  10. NIST revamps mobile device security guidelines for smartphone era

    The US National Institute of Standards and Technology (NIST) has published a mobile device management guide for federal agencies seeking secure methods for workers to use smartphones and tablets.

  11. Fake Opera 'update' pushes Zbot malware

    Norway’s Opera Software has issued an advisory this week detailing a June 19 attack by hackers who breached the company’s network and used one of its older, expired code-signing certificates to digitally sign a Zeus-based piece of malware and package it as an update for the Opera internet browser.

  12. Lotus F1 builds a secure, reliable network

    While the Lotus F1 Team prepares for the British Grand Prix at Silverstone this weekend, Infosecurity talked to its CIO about the network and security demands in a very unusual business.

  13. Facebook Fix SMS Hack Bug

    A UK security researcher has disclosed a bug in Facebook's code that allowed him to take over any Facebook account in less than a minute - and earned himself a $20,000 bug bounty in the process.

  14. Bruce Schneier joins EFF; stays with BT

    Schneier, author of Applied Cryptography, Secrets and Lies and other books, founder of Counterpane (now BT Managed Security Solutions), and designer of the Blowfish and Twofish encryption algorithms, has joined the board of EFF.

  15. Vormetric receives $15 million cash infusion from investors

    A group of investors led by venture capital firm Split Rock Partners has provided $15 million in new funding to Vormetric, the San Jose-based firm that specializes in security and encryption services for virtual, cloud-based and physical environments.

  16. Malware attackers leave behind digital clues

    Just as the science of fingerprints, DNA, and fiber analysis have become invaluable in criminal forensics, connecting the dots of an advanced cyber-attack can help identify even the most sophisticated threat actors – if researchers know what to look for.

  17. BAE Systems Detica Reports on BYOD Problems

    Nobody doubts that BYOD is a security issue – the connection of employees’ personal devices to the corporate network worries IT staff. There are security solutions; but study after study surprisingly shows that many companies simply ignore the problem – either not allowing the use of BYOD even though they know it happens, or allowing it but doing nothing to secure it.

  18. Cutwail spamming out Andromeda – using Qantas as the lure

    A current spam campaign from the Cutwail botnet is sending out the Andromeda bot loader (aka Gamarue) which subsequently downloads the Zeus banking trojan. Numerous spam themes are employed, including flight/ticket details, courier, tax, hotel, payroll, invoice, social media and others.

  19. CREST launches CRESTx at Lancaster university

    CREST is the council for registered ethical security testers, a standards based organisation that provides assurance and trust in penetration testers and ethical hackers. On 3 July 2013 it is running its first CRESTx conference at Lancaster university, one of the EPSRC-GCHQ Academic Centres of Excellence in Cyber Security.

  20. Phishing targets UK businesses 3,000 times per day

    Phishing attacks are evolving, and becoming more widespread over time: Kaspersky Lab has found that 3,000 UK internet users were subjected to phishing attacks each day for the past year, a notable increase from 1,000 the year before.

Why Not Watch?

  1. Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

  2. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  3. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  4. Mastering AI Security With ISACA’s New AAISM Certification

What’s Hot on Infosecurity Magazine?