Infosecurity News

  1. Internet Explorer zero-day blamed for Department of Labor website attack

    The watering hole campaign that targeted a US Department of Labor website was the result of a brand-new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347), and not a patched, known quantity as originally thought.

  2. New online backup service scans for malware before saving files

    Consumers often look to protect their assets in the event of computer theft, loss or an “incident” that wipes out files and requires a complete restoration.

  3. Report: Chinese hackers drained secrets from top US military and spy contractor

    Spies like us? Apparently so, as in, they’re just as vulnerable to Chinese hackers as anyone else. One of the top espionage and military contractors for the US, QinetiQ North America, has been successfully compromised and its information siphoned off, according to a Bloomberg report.

  4. Trojans cause 80% of worldwide malware infections

    When it comes to malware, the spawning rate of new threats does not appear to be slowing down at all: In the first quarter of 2013 alone, more than six and a half million new malware samples were created, according to Panda Security’s latest malware report.

  5. 58% Information Security Incidents Attributed to Insider Threat

    The consumerization of computing has changed the IT landscape. Employees can and do now access corporate data from a multitude of devices in a multitude of locations. Where the ‘insider threat’ was once posed only by the occasional malcontent employee, it now comes from every naive employee on the payroll.

  6. Video interview: NAC, BYOD, and advanced threat protection

    Drew Amorosi, deputy editor of Infosecurity, interviews ForeScout’s Scott Gordon at last week’s Infosecurity Europe 2013 show in London.

  7. Adobe adds security post to its executive management team

    It’s an old face in a new place, as Adobe has promoted Brad Arkin to become the company’s first chief security officer.

  8. Department of Labor website delivered malware to visitors

    Europeans – not so much Americans – will not miss the irony of a US Department of Labor website serving malware apparently aimed at its own labor force on May 1: International Workers’ Day.

  9. e-skills research demonstrates need for entry routes into cybersecurity careers

    An information skills shortage in the UK is not disputed. Why that skills shortage exists and what can be done about it is the issue. Today a high-power (general) forum at The Spectator will seek answers, coinciding with a new (specialist) analysis published by Alderbridge and e-skills UK.

  10. Feds look to extend wiretapping mandate to online services

    Even as online privacy continues to be in the spotlight, a government task force is reportedly prepping legislation that would enable law enforcement officials to intercept online communications in real-time, via companies like Facebook and Google, in what is basically an extension of the CALEA wiretapping act.

  11. Firefox sends FinFisher authors a cease and desist letter

    FinFisher is a commercial spyware product produced by the UK’s Gamma International. It is widely implicated in government surveillance of national dissidents in countries with poor human rights records.

  12. Kuluoz-loaded spam shines in April

    As April draws to a close, its predominant malware distribution trend lies in the proliferation of spam email purporting to link to an invoice, receipt, airline ticket or other confirmation document for a large purchase. The initial payload of this campaign has been a malware trojan called Kuluoz, which uses an icon that resembles a Microsoft Office application document.

  13. Malicious Apache server and Blackhole provide stealthy backdoor

    A modified version of an Apache web server is redirecting requests to the infamous Blackhole exploit kit. Researchers have unmasked a new bug being served up, dubbed Linux/Cdorked.A, as a sophisticated and stealthy backdoor meant to drive traffic to malicious websites.

  14. Fraud-as-a-service takes to Facebook to market financial crimeware

    Fraud-as-a-service (FaaS) offerings have been knocking around since the release of the first commercial banking trojan, Zeus, in 2007, largely offered through postings in the shadowy world of underground hacking forums. Lately, though, FaaS operators are turning to a new marketing platform: Facebook.

  15. Smart meters – benefit or information security threat?

    Smart meters are being ‘sold’ to the public as a benefit to the householder, leading to better electricity management, lower emissions, easier switching and an electronic connected home. But there are also growing concerns about the privacy and security issues they bring with them.

  16. Asian RATs dominate the malware landscape

    The malware epidemic has gone global, with 184 nations housing communication hubs and command-and-control (CnC) servers, new research has found. Of those, Asia and Eastern Europe account for the majority of activity.

  17. Serial killers: More than 100K hackable ports are still out there

    Remember serial ports? Those 9-pin connections used to hook up a mouse or keyboard to a desktop computer? The world may have gone gaga for USB ports, laptops and tablets, but these relics from the pre-portable computing era are still knocking around enterprises.

  18. New Google Play policy to thwart bait and switch malware on Android

    Google has changed its Play Store policy to make bait and switch malware tactics more difficult – an app that is downloaded via the Google Play mechanism must now also be updated via the Google Play mechanism.

  19. Flaw in Apple’s Safari browser

    Safari, the world’s fourth most popular browser, contains a universal cross-site scripting bug that could be exploited to steal cookies, passwords or files, perform cross-site request forgeries (CSRF) or install viruses via malicious JavaScript.

  20. Iceland, Wikileaks and The Pirate Bay

    Tiny Iceland has a history of facing down larger adversaries (in 1976 it ‘won’ the Cod Wars against the UK; in 2011 it sent US agents packing for not obeying protocol). But now it will face renewed scrutiny from two of the world’s most powerful agencies: the FBI and the Rightsholders.
