Infosecurity News

  1. Spamhaus suffers largest DDoS attack in history – entire internet affected

    Spamhaus, an IP blacklisting service, has been under a distributed denial-of-service (DDoS) attack for a week. Attack traffic has been rated at up to 300Gbps – three times higher than the previous record, and six times greater than the typical attack recently targeting US banks.

  2. Java vulnerabilities are almost ubiquitous

    Java vulnerabilities are seemingly ubiquitous, with vulnerabilities and zero-days nabbing headlines on what seems like a weekly basis. According to an analysis, that perception cleaves fairly close to reality: 94% of endpoints are vulnerable to at least one Java exploit, opening the door for data theft.

  3. The dark side of encryption and social networks: Pedophile Jailed in UK

    An internet pedophile has been jailed at the Inner London Crown Court for eight years after using social networks for grooming and encryption to hide his offenses. Because of the encryption, the police can only guess at other crimes.

  4. Trojans, RATs and Slovenian money gang involved in $2.5 million bank fraud

    Slovenian Police have detained five citizens in a $2.5 million, highly targeted bank fraud campaign. The criminal group was found to be using 25 money mules to electronically transfer funds out of the accounts of smaller companies.

  5. Identifying individuals through mobile tracking

    A new report published in Nature's Scientific Reports section shows how the location data available from mobile devices can be used as a virtual fingerprint to identify individual people regardless of whether the data is 'anonymized'.

  6. Ministry of Justice consultation on compulsory DPA audits for NHS bodies

    The UK Ministry of Justice has issued a new consultation paper aimed at NHS data controllers asking for views on whether the ICO should be able to impose a data protection audit on NHS bodies without their consent.

  7. Pirated software carries malware payload that can cost billions

    Pirated software may carry an ostensibly small price tag compared to the real thing, but it often also carries something else: ride-along malware that will cost consumers 1.5 billion hours and $22 billion this year in identifying, repairing and recovering from its impact.

  8. Advanced vSkimmer botnet targets card payment terminals

    The next evolution of credit card payment details extraction has hit Russian underground hacking forums in the form of the vSkimmer malware, a botnet that directly targets card payment terminals using Windows.

  9. Anonymous claims Mossad hack; experts not convinced

    This weekend saw the release of around 35,000 names and other details, allegedly including Mossad agents, stolen by Anonymous and following a warning that OpIsrael phase 2 – designed to ‘erase’ Israel from the internet – would commence on 7 April.

  10. Details of the latest Sykipot exploits revealed

    Sykipot malware, often tied to a Chinese origin, has been used extensively over the last few years to target primarily US defense organizations. Now the latest zero-day exploits used by the gang have been revealed.

  11. Seoul cautious in blaming North Korea for massive cyberattack

    South Korea, the globe’s most-wired country and one of its biggest tech hubs, has been hit with a wave of attacks on major media and banks, freezing networks and broadcast infrastructure and rendering a swath of ATMs, mobile banking, websites and payment kiosks unusable.

  12. Privacy rules for the Police National Database protected sex offender Jimmy Savile

    A critical review of the Jimmy Savile case, who now posthumously has hundreds of sexual abuse allegations against him, suggests that a combination of his celebrity status and police privacy rules combined to protect him for decades.

  13. Scam warning: Facebook Black is back

    The opportunity to change from Facebook blue to a different color is not a new scam, but there’s a new one doing the rounds right now: “I Totally Just Added The Brand New Facebook Black.”

  14. Carna botnet – an interesting, amoral and illegal internet census

    It started from a joke – we should try root:root to log on to random IP addresses. But it evolved from that into a botnet of port scanners able to port scan the entire IPv4 internet in very short order: a complete IPv4 internet census.

  15. NATO lays out cyber-war rules of engagement

    A new handbook created for NATO has set out 95 black-letter rules of cyber warfare that, among other recommendations, states that governments should refrain from launching attacks on civilians, hospitals, nuclear power stations, dams and dykes.

  16. Pinkie Pie slices out $40K reward at Google Pwnium 3 hacking contest

    Earlier this month at the CanSecWest security conference, Google’s Chrome team took part in the Pwn2Own hacking contest and hosted its own, the third iteration of its Pwnium competition. While there weren’t any “winning” entries at Pwnium – i.e., no full exploits against the browser were developed – Google did pay out a partial reward to the teen hacker who appears to be making Chrome a bit of a specialty.

  17. Sophisticated Rating System for Cyber Attacks Proposed

    It has long been suggested that ‘advanced’ is a misnomer in the majority of APTs; and that ‘sophisticated’ has lost its meaning. Is it time for an objective attack rating to eliminate emotive, subjective and misleading threat terminology?

  18. Still NotCompatible: Android trojan takes fresh tack with spear-phishing

    An old Android malware threat is targeting mobile devices in a new way: the NotCompatible mobile trojan is now using email spam to dupe people into clicking an initiating link.

  19. Has HTTPS been broken?

    In practical terms for the average user, probably not yet; but in the absolute terms of crypto-theory, probably yes – again. The difference is that security professionals measure security in the relative terms of risk analysis, while cryptographers take a binary view to cryptography: it is or it is not broken.

  20. Removing administrator rights is no solution against drive-by attacks

    When Windows 7 was released, Gartner recommended that migration from XP be used as a catalyst for removing administrator rights from as many users as possible, which it said is ‘the single most important way to improve endpoint security.’

Why Not Watch?

  1. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  2. Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

  3. Modernizing GRC: From Checkbox to Strategic Advantage

  4. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

What’s Hot on Infosecurity Magazine?