Infosecurity News

  1. Iceland expelled FBI agents seeking to question a WikiLeaks volunteer

    On Friday, Iceland’s interior minister revealed that two years ago he expelled FBI agents who had arrived unannounced in Iceland to interview an unidentified WikiLeaks associate in August 2011, and had instructed the police not to cooperate with the FBI.

  2. Twitter hacked – 250,000 user details may have been lost

    Late on Friday afternoon Twitter announced that it had been breached and that attackers may have had access to usernames, email addresses, session tokens and encrypted/salted versions of passwords for approximately 250,000 users.

  3. Red October cyber-espionage campaign used highly sophisticated infiltration techniques

    Red October (Rocra), the high-level cyber-espionage campaign that successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations worldwide, has a more shadowy persona than the typical APT, security researchers said.

  4. Google submits anti-trust proposals to EU

    Google has submitted anti-trust proposals to the European Union anti-trust regulator to stave off action that could potentially lead to a $4 billion fine.

  5. ISACA launches security audit programs for BYOD, data privacy and outsourcing

    Getting in on the triple zeitgeist of IT consumerization and the bring-your-own-device (BYOD) phenomenon, data privacy, and how to stay secure while taking on business partners, ISACA has developed three fresh IT audit/assurance programs for each subject area.

  6. Identity and access management in the cloud

    The growing prevalence of shadow IT caused by BYOD and remote working is making an existing security problem much worse: how do you protect an increasing number of passwords used for an increasing number of cloud applications?

  7. NY Times points blame for 4-month hack at Chinese government

    In a development that appears to be as politically motivated as the kidnapping of embedded investigative journalists in the Middle East, the New York Times said that it has uncovered a four-month-long hacking effort on the part of Chinese hackers.

  8. Financial skulduggery and email hackery

    Buried in all the financial reporting on the battle for control of Indonesian coal mining company Bumi is the small matter of whistleblowing and email hacking.

  9. Cross-site scripting attacks up 160% in Q4 2012

    Cross-site scripting (XSS) is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of 2012 from the previous three months, a security firm is warning.

  10. Worldwide communications infrastructure faces APTs, bots, DDoS; mobile networks weakest

    Communications service providers and network operators are a potential weak link when it comes to security. Their networks carry every app, connect every mobile device and provide all of us with on-ramps to the internet. In short, we couldn't communicate personally or on a business level with out them. So how secure is worldwide communications infrastructure?

  11. From hackers to obituary-readers, identity theives have many personae

    From dumpster divers to pickpockets, identity thieves come in many varieties. But while identity theft continues to be one of the greatest security issues for consumers (the US Federal Trade Commission estimates that about 15 million Americans fall victim to identity fraud each year), very few consider the source – and therefore vector – of the attacks.

  12. Java security settings can be ignored by malware

    New vulnerabilities and flaws in Java are so common and frequent that it is difficult to keep pace. Less than two weeks ago it was revealed that the Java sandbox could be bypassed; now it is disclosed that the complete security settings can be ignored.

  13. Google plots Pwnium 3 Chrome hacking contest, with $3.14 million on the line

    In a move with perfect timing considering the number of Chromebooks that Google sold over the holidays (hint: a lot), the company has announced its third Pwnium hacking competition, which will have a new focus: the Chrome OS. In all, the browsing behemoth plans to award up to $3.14 million in winnings to those who can produce full exploits.

  14. Advocacy groups mark Data Privacy Day with key announcements

    The year 2012 was a very bad year for data breaches, with more than 240 million records compromised. So, to mark this week’s international Data Privacy Day, the Online Trust Alliance has released its ‘2013 Data Protection and Breach Readiness Guide’ to help organizations prevent and respond to such incidents.

  15. Anatomy of a botnet targeting Facebook users

    PokerAgent, a trojan botnet that infected about 800 computers, mainly in Israel, and stole around 16,000 Facebook credentials during 2011/2012 is analyzed in depth.

  16. Lessons to learn from the Yahoo! hack

    Last month Egyptian hacker ViruS_HimA claimed a hack into a Yahoo server. He provided proof without disclosing any content, and claimed his purpose was to improve security by demonstrating its weakness.

  17. Malwarebiter is fakeAV, warns MalwareBytes

    A product advertising itself as the ‘World’s greatest anti-malware software’ is really fakeAV from a site that delivers Zeus via drive-by downloading, says Malwarebytes; but Norton Safe Web doesn’t know it.

  18. Numerous surveillance cameras may be vulnerable to unauthorized access by hackers

    About 20 security camera solutions are vulnerable to hackers looking to gain remote, unauthorized access to closed-circuit surveillance networks.

  19. Ransomware threat on the increase

    While DDoS and APTs may be the main threat to business, ransomware is increasingly and effectively being targeted against the consumer. A new spike in Trojan.Ransomlock.Y detections has been noted this week.

  20. Google facing legal battle in the UK over Safari cookies

    Today is Data Protection Day in Europe (Data Privacy Day in the US/Canada). It also marks the launch of a new Facebook page, ‘Safari Users Against Google's Secret Tracking.’

Why Not Watch?

  1. Audit & Compliance in the Era of AI and Emerging Technology

  2. Modernizing GRC: From Checkbox to Strategic Advantage

  3. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  4. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

What’s Hot on Infosecurity Magazine?