Infosecurity News

  1. Researcher finds five security holes in Linksys home routers

    Last year, independent security researcher Phil Purviance demonstrated a vulnerability in a WRT54GL router that would allow a hacker to design an internet worm that targeted them and turned the routers into a powerful botnet that is able to monitor traffic across all types of networks.

  2. Sourcefire appoints new CEO

    The Maryland-based security firm has named John Becker as its new chief executive

  3. Pincer.A – new Android trojan warning

    A new Android trojan that pretends to be a security feature has been discovered. Once installed, it displays a ‘certificate’ logo, which, if clicked, pops up a message: “Certificate installed successfully! Your device is protected now.”

  4. SpiderOak shares are vulnerable

    A few weeks ago research showed that Amazon’s public buckets can be more public than their owners intended. Now the original researcher shows that Amazon (and Apple’s MobileMe) file storage options are not alone: SpiderOak is also vulnerable.

  5. Darkleech infects 20,000 websites in just a few weeks

    Security researchers have long been aware of the Darkleech threat; but general public awareness is new. It is Apache 2.2.2+ web server malware that infects web pages and seeks to redirect visitors to other sites hosting exploit kits.

  6. US Army has gaping BYOD mobile security holes

    The effects of the bring-your-own-device (BYOD) phenomenon are being felt across the US military, according to a report from the US Inspector General’s office. It found that US military data security is woefully lacking when it comes to device tracking and policy enforcement. Most alarmingly, the military CIO’s office was found to be unaware of more than 14,000 mobile devices in active use across the US Army.

  7. Bitcoin hackers hit Mt. Gox and Instawallet with major attacks

    Bitcoin, the virtual currency employed for various web-related transactions, has been enjoying an epic valuation the last few days, reaching an all-time high of $142 per BTC this week according to trading platform Mt. Gox. That translates into $1 billion in BTC circulation, and the smell of money has apparently attracted hackers to the well: Two separate attacks, aimed at Mt. Gox as well as Instawallet, have caused major Bitcoin service interruptions.

  8. UK think-tank advocates a central hub for police social media intelligence

    Policing is intelligence led. Social media is a prime source of intelligence (SOCMINT – social media intelligence). To maximize the potential in SOCMINT it is suggested that the police should develop a central hub of social media expertise.

  9. Krebs outs Flashback author

    A year ago Flashback became the most prolific ever Mac virus, infecting an estimated 650,000 Macs. Now researcher and blogger Brian Krebs names the man he believes to have authored the trojan.

  10. Zombie survivalist game, The War Z, taken offline following password hack

    Gaming platforms, from the Sony PlayStation Network data heist to a break-in of the Gamingo platform one year ago are sporadic but compelling targets for hackers, thanks to their ability to touch so many users at one time. The latest gaming victim is the online multiplayer game, The War Z, which has been taken offline after the compromise of thousands of user accounts.

  11. Hundreds of Japanese one-click scams found infesting Google Play store

    Niche-focused malware is becoming more prevalent as targeted attack vectors continue to pay off in terms of social engineering.

  12. London Underground users can now be hacked at more than 100 Tube stations

    The introduction of Virgin Media’s WiFi to the London Underground is a valuable addition to the UK capital’s anywhere, anytime attitude towards work and the internet – access via mobile phones and tablets need no longer be affected simply because the user is 20 metres underground.

  13. Firefox 20: 11 security fixes and improved private browsing

    Firefox 20 was released on Tuesday. It includes 3 critical, 4 high, and 4 moderate vulnerability fixes; plus several enhancements including a private browsing mode and improved download manager.

  14. LockLizard extends PDF rights management security to the iOS platform

    The London-based digital rights management (DRM) specialist has released its latest Secure PDF Viewer for the iOS mobile operating system

  15. BaneChant trojan hides behind multiple mouse clicks

    A backdoor trojan apparently aimed at the governments of the Middle East and Central Asia has been detected, with a notable new ability to evade detection by tying its execution to multiple mouse clicks.

  16. Washington DSHS clients face potential patient data breach

    Stolen hardware is once again the culprit behind a potential healthcare breach – this time in Washington state, where a private contractor's laptop containing confidential and personal health information on 652 state Department of Social and Health Services (DSHS) clients was discovered to be stolen.

  17. Men's Health & Miltary-themed emails spread malware

    An email campaign spreading malware via links purporting to be either for Men’s Health articles or military-related is spreading quickly, and appear to be coming from Australia or South Korea.

  18. Does ACTA live on in the EC IPRED Directive?

    The European Commission has run a public consultation on the enforcement of IPRED – the Intellectual Property Rights Enforcement Directive. The consultation closed on the day before April Fool’s Day – but not everybody is amused.

  19. American Express joins the ranks of US banks attacked by al-Qassam group

    On Thursday last week the American Express website went offline for a couple of hours during a DDoS attack by the Izz ad-Din al-Qassam Cyber Fighters in pursuance of their ongoing protest against the Innocence of Muslims video.

  20. Don't forget: Evernote used for malware control

    The cloud-based note-taking tool Evernote, with its adorable elephant logo and general user-friendly touchy-feely vibe, seems innocuous enough. However, cybercriminals are giving it a very different character, by hijacking the popular service and using it as a communication and control (C&C) server for malware.

Why Not Watch?

  1. Audit & Compliance in the Era of AI and Emerging Technology

  2. Mastering AI Security With ISACA’s New AAISM Certification

  3. Modernizing GRC: From Checkbox to Strategic Advantage

  4. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

What’s Hot on Infosecurity Magazine?