Infosecurity News

  1. Poor programming, app design bolster data breaches

    With data breaches on the rise and the costs stemming from them escalating exponentially, human error is often the culprit. But there’s a deeper issue: poor application design and faulty programming are all too common.

  2. Tyler – an overview, and interview with Anonymous

    Tyler is touted as ‘WikiLeaks on steroids.’ The current site (codenametyler.org) is unimpressive – so Infosecurity reached out to Anonymous for an update on its development.

  3. Chinese national pleads guilty to role in $100 million software piracy scheme

    Xiang Li yesterday pleaded guilty to two federal charges relating to the sale of ‘cracked’ sophisticated software sometimes at less than 1/1000th of its retail price. Sentencing is scheduled for May 3.

  4. John McAfee claims Belize is helping terrorists enter the US

    Security pioneer John McAfee is back in the headlines with a claim that he organized a shadowy group of personal espionage operatives and marshaled keylogging spyware to collect data on top government officials and other powerful people in his adopted home of Belize. As a result, McAfee said he has evidence that Belize is helping Middle Eastern would-be terrorists enter the US with fake identities.

  5. TURKTRUST: No harm from fake digital certificates

    In the wake of the revelation that browser vendors Microsoft, Google and Mozilla have blocked two faulty SSL certificates generated by Turkish Certificate Authority third-party TURKTRUST, the company has responded that there was no attack, fraud or other crime leading up to or arising from the mistake.

  6. Julian Assange taken into custody hoax – just one of many

    A report in IndyMedia UK on 4 January 2013 claimed that WikiLeaks founder Julian Assange had been arrested by Scotland Yard officers while visiting a private medical clinic close to the Ecuadorian embassy. It was a hoax.

  7. Microsoft, Mozilla and Google block fake Google digital certificates

    A new active attack using phony Google digital certificates accidentally issued by a Turkish certificate authority (CA) known as TURKTRUST is making the rounds, affecting Firefox, Google Chrome and Internet Explorer users.

  8. The lessons of Shamoon and Stuxnet ignored: US ICS still vulnerable in the same way

    The ICS-CERT Monthly Monitor for the last quarter of 2012 provides news and alerts for industrial control systems and infrastructure companies – and describes two particular attacks on a power generation facility and an electric utility.

  9. Poor disclosure means poor security standards in Japan

    The ‘lack of public disclosure reflects lack of government-wide standards’ warns the Daily Yomiuri. It is, it suggests, symptomatic of a wider malaise in Japan’s attitude towards cyber defense.

  10. Dissection of 'itsoknoproblembro', the DDoS tool that shook the banking world

    Last autumn the US banking world was shaken by sustained, heavy and effective DDoS attacks that peaked at 70 Gbps – a traffic load capable of overwhelming the majority of network infrastructures. More of the same is expected in 2013.

  11. New Google Chrome clickjacking vulnerability rears its head

    Beware when looking for help with that new Chromebook: Google Chrome users visiting Google support pages could be vulnerable to a clickjacking technique that could lay bare their e-mail addresses, profile pictures, first and last names, and other information.

  12. Android spambot spreads by offering free games

    File under 'if it sounds too good to be true, it probably is': A new Android trojan is spreading rapidly through SMS messages that offers free stuff, like $1,000 Target gift certificates and free games.

  13. Amazon malware targets holiday favorite, Kindle Fire

    Gift-wrapped versions of the Kindle Fire e-reader are expected to be fairly widespread underneath Christmas trees this year, but Kaspersky Lab warns consumers to be alert to malware in the Amazon App Store.

  14. State-sponsored malware like Stuxnet will hit private enterprise hard in 2013

    Call it collateral damage: Organized cybercriminals and hackers will leverage digital certificate-based attacks to infect enterprise IT systems with state-developed malware such as Flame and Stuxnet – with the nefarious result of impacting business operations worldwide, and opening the door to a flood of data breaches and brand damage reaching far beyond the cyber-war targets the malware was created for.

  15. Sudoku malware teases users

    “As the end of the year approaches and things calm down around the office, what better way to while away a few minutes than with a harmless Sudoku?” ask Sophos researchers Peter Szabo and Richard Wang. Apparently, there are plenty of better options: the two have discovered malware disguised as a Microsoft Excel spreadsheet used to generate Sudoku puzzles.

  16. Apocalypse 2012: Hackers booby-trap end-of-world slide show

    As anyone knows who spends time watching the History Channel’s H2 network, which has a full slate of apocalypse-focused programming in heavy rotation, Dec. 21, 2012, marks the end of the Mayan Long Count calendar and is the focus of end-of-days devotees worldwide. Always alert to a social engineering opportunity, hackers have, in the spirit of Armageddon, created a booby-trapped PowerPoint presentation entitled, "Will the world end in 2012?"

  17. Let's Solve 2012 Threats Before Worrying about 2013

    While some companies are predicting new and esoteric threats for the new year, nCircle says remember the existing threats: they’re alive and kicking and the bad guys won’t abandon them while they still work.

  18. Murder by Internet devices predicted in 2014

    Predictions for 2013 are 'more of the same old same old' suggests one security company; but 2014 will bring ‘murder by interconnected devices’, successful exploitation of military assault systems (drones), infrastructure catastrophes and more.

  19. Cyber-Ark Appoints RSA Exec to its board of directors

    Global information security firm Cyber-Ark Software recently announced the appointment of Tom Heiser, president of RSA, The Security Division of EMC, to the company’s board of directors.

  20. Chapro – new Apache malware ultimately delivering Zbot

    A newly discovered malicious Apache module injects an iFrame into webpages it serves, sending visitors to a separate server hosting a Sweet Orange exploit pack that currently attempts to deliver Zbot.

Why Not Watch?

  1. Mastering AI Security With ISACA’s New AAISM Certification

  2. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

  3. Audit & Compliance in the Era of AI and Emerging Technology

  4. OT Security Ecosystem for Targeted Risk Reduction and Reporting

What’s Hot on Infosecurity Magazine?