Infosecurity News

  1. 2014: ‘The Year of Encryption?’

    Will 2014 see a big uptick in the use of biometric technologies, strong encryption, a rash of new key technologies and more? Some say that the era of having unencrypted data traffic flowing freely inside enterprises will likely soon come to a crashing halt, helped along by the US government, the Apple iPhone and other drivers.

  2. US Backdoors in French Satellites Threatens Billion Dollar Deal With the UAE

    A deal for two French Falcon Eye spy satellites, where cameras can detect very small objects on the ground, is in jeopardy after the UAE buyers claimed they contain US-made parts that are considered 'security compromising components.'

  3. Yahoo Has Been Serving Malware To Its Users

    On Friday 3 January, Dutch security firm Fox-IT detected malicious activity on some of its clients' networks – with a common factor: they had all previously visited yahoo.com. Further investigation revealed malvertising on the Yahoo site – and it is possible that millions of users have been infected via Yahoo.

  4. The Ubiquitous SD Cards can be Hacked to Deliver a MITM Attack

    Two researchers, Andrew 'bunnie' Huang, and Sean 'xobs' Cross, gave a talk at the Chaos Computer Congress describing how the ubiquitous flash memory card can be used to deliver a MITM attack against its host system. The problem is that SD cards are simply trusted, when perhaps they should not be.

  5. AutoIT Surges as Malware Component

    AutoIT, a flexible coding language that’s been used since 1999 for scripting in Windows, is now cropping up in next-gen malware like a Zeus variant that efficiently steals information from FTP sites and personal certificates.

  6. Dangerous Trojan Targets World of Warcraft

    Blizzard, the company behind the popular online multiplayer World of Warcraft game, has warned its gamers that a “dangerous Trojan” called Disker is being used to compromise player's accounts, even if they are using an authenticator for protection.

  7. NSA Maintains Its Own Catalog of Advanced Hacking Tools

    TAO, Tailored Access Operations, is the elite hacking group operated by the US National Security Agency. Its existence was exposed by the 'black budget' for 2013 leaked by Edward Snowden. Now Der Spiegel has published further details on the group that will play a major part in the projected infiltration of 85,000 computers around the world.

  8. NSA Can Turn iPhones into Eavesdropping Equipment

    Spook gadgets have come a long way from Maxwell Smart’s shoe phone. Reports have surfaced that the US National Security Agency can now turn iPhones into eavesdropping tools.

  9. Boston Restaurant Group Hit by Data Breach

    Customers at eight Boston-area dining establishments owned by the Briar Group may have had their credit and debit card data stolen. The mix of restaurants and Irish-style pubs are popular around the metro area, and include Anthem, City Bar, City Table, MJ O'Connor's, Ned Devine's, Solas, The Green Briar and The Harp.

  10. 4.6 Million Snapchat Usernames and Phone Numbers Leaked

    Back in August, GibsonSec warned that Snapchat's API was insecure, and offered to help. It got no response, other than Snapchat adding some security features and implying it was safe. Apparently frustrated, GibsonSec published full details on Christmas Day.

  11. Syrian Electronic Army Hacks Skype – Allegedly

    Reports have emerged this morning about a short-lived hack of Skype's Twitter and WordPress accounts by the Syrian Electronic Army. No evidence of the hack remains, although screenshots purportedly demonstrate that it happened. Unusually, it is in protest of NSA surveillance and alleged Microsoft complicity, rather than Western involvement in Syria.

  12. CryptoLocker's Ransom Haul Potentially Close to $1 Million in 100 Days

    CryptoLocker, the ransomware that uses a public-private key combo to potentially lock out victims from their files forever, has been striking since mid-September. And since it made its debut, it’s managed to make off with at least $300,000, one $300-or-less ransom payment at a time.

  13. Global Stock Exchanges Band Together on Cybersecurity Initiative

    A worldwide group of top stock exchanges have gotten together to launch the industry’s first cybersecurity committee, with a mission to aid in the protection of global capital markets.

  14. RSA Received $10 Million from the NSA to Make Flawed Crypto its Default Offering

    The accusation, made Friday by Reuters, is that "RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software."

  15. UK's ICO Issues Guidelines for an 'Appy' Christmas

    The UK’s Information Commissioner’s Office (ICO) is warning consumers to protect their personal information when downloading mobile apps, ahead of the busiest day of the year for app downloads. In tandem, it also issued guidance to help developers look after people’s information correctly and comply with the UK's Data Protection Act.

  16. Target Breach Affecting 40 Million Was Likely an Inside Job

    The US, originator of Black Friday holiday sales and the dubious homeland of in-store, post-Thanksgiving brawls over hot toys (remember Tickle-Me Elmo?), has been hit with the largest retail breach of credit and debit card information of 2013. In fact, at 40 million affected and counting, the security incident at Target may be one of the largest retail breaches ever.

  17. Industry Predictions for 2014; Part 3: The Effect and Influence of Government

    In Part 3 of our week-long look at industry predictions, we examine the effect and influence of government. There are two primary aspects: the influence of government (regulations); and the effect of government (which has been shown in the latter half of 2013 to have turned the internet into its own private surveillance machine).

  18. Bruce Schneier Leaves BT

    Bruce Schneier, BT's security futurologist, is leaving the company after eight years. In June 2013 he joined the board of digital rights firm Electronic Frontier Foundation, and has – since the Snowden revelations began – been a fierce critic of NSA/GCHQ mass surveillance. With BT increasingly implicated in GCHQ collaboration, it has become clear that the two positions are incompatible.

  19. Big Botnet, Posing as Firefox Add-on, Scans Web for SQL Vulnerabilities

    A slaving operation masquerading as a legitimate add-on for the Mozilla Firefox browser has created a 12,500-PC strong botnet army whose purpose is to find exploitable websites.

  20. Department of Energy Failed to Address Known Cybersecurity Weaknesses

    The US Department of Energy’s failure to address known cybersecurity weaknesses was a direct cause of a July 2013 data breach that affected more than 104,000 individuals, according to federal auditors.

Why Not Watch?

  1. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

  2. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

  3. The Intelligence Edge: Clarity, Context and the Human Advantage in Modern CTI

  4. The Cloud Risk Nobody Talks About: Why Resilience‑Focused Cloud Design Is Your Best Defense Against Modern Attacks

What’s Hot on Infosecurity Magazine?