Infosecurity News
2013: Mobile exploit kits, Apple App Store malware, cyberwar top the threatscape
With many of the same cyberthreats expected to play out in 2013 as during 2012 (think government-sponsored attacks, hacktivism and open-source hacks against Wordpress, Joomla and Drupal), Websense Security Labs expects some new wrinkles in the threatscape, including mobile exploit kits and sandbox/virtual environment avoidance.
Trojan Upclicker ties malware to the mouse
As if there weren’t enough security concerns to worry about, like falling for social engineering-based scams, following bad links or downloading fake apps, Windows PC users have another activity to be on guard about: left-clicking the mouse.
After Zitmo comes Citmo – Carberp in the mobile
The Eurograbber campaign exposed earlier this month, netting €36 million for the criminals, was a Zeus-in-the-mobile (Zitmo) attack. Late last week, the AV companies started to warn about new Android trojans: Citmo, or Carberp-in-the-mobile.
An introduction to return on security investment – RoSI
The European Network and Information Security Agency (ENISA) has published a paper on the return on security investment (RoSI); being the problems inherent in calculating a return on investment for loss prevention rather than profit gain.
Europol takes down major card fraud network
Europol has today announced the arrest of 56 suspected card fraudsters, 38 in Bulgaria, 17 in Italy and one in The Netherlands, in an operation involving 400 police officers coordinated from the Operational Centre at Europol headquarters in The Hague.
Facebook, FBI team up to crack botnet ring
The US Department of Justice and the FBI, along with international law enforcement partners, have arrested 10 individuals suspected of operating an international cybercrime ring that has compromised 11 million computer systems and caused more than $850 million in losses via the Butterfly Botnet. And it had help from an interesting source: Facebook.
Fighting off botnets demands public–private sector partnership
Botnets are a rising tide in the malware ocean, but implementing a set of security best practices can aid organizations in erecting levies against it.
BeyondTrust purchases Windows system management specialist
Access management specialist BeyondTrust, headquartered in Carlsbad, California, has acquired Blackbird Group to bolster its product portfolio.
Mixed bag of attitudes and success with encryption
Almost half of businesses worldwide have started using encryption technology to protect critical data, and encryption is now the fifth most used protection technique claims a new report.
The cloud is loved, but not trusted
'Do as I say, not as I do' seems to be the attitude toward the cloud held by security professionals – it’s good enough for company data, but not our own data.
Companies are losing control of their data to the mobile revolution
Users are sharing information on social networks and using public cloud services to move data from corporate to personal devices in ways that by-pass company security policies and systems, and expose company data.
1.6 million records hacked and dumped by GhostShell
Hacking group Team GhostShell launches a new logo, drops 1.6 million hacked records in the name of ProjectWhiteFox (NASA, European Space Agency, Bigelow Aerospace and more), and signs off until the new year.
Shamoon was an external attack on Saudi oil production
In its first comment on the apparent purpose behind the August Shamoon attack on Aramco, Saudi Arabia said Sunday that it was an external attack not just against Aramco, but against the Saudi economy.
GPU cluster can crack any NTLM 8-character hashed password in 5.5 hours
A cluster of 25 AMD Radeon GPUs using OpenVCL and the Hashcat password recovery software is claimed to make 348 billion guesses per second against NTLM hashed passwords, and 63 billion against SHA1 hashed passwords according to a presentation at last week’s Passwords^12 conference in Oslo.
Cyber-attacks that kill, IPv6, and vulnerability markets on tap for 2013
As rough of a year as 2012 was for cybersecurity, in 2013 we will see higher stakes than ever before, researchers say. WatchGuard's security research analysts are predicting upticks in emerging cyber threats – including those that can cause loss of human life.
Goodbye, 123456: Blackberry bans weak passwords
Blackberry has always had a reputation for taking particular care when it comes to security. Its enterprise-server-based deployment configuration was one of the reasons the Blackberry soared to such a high penetration rate in North America, pre-iPhone. Now, Blackberry-maker Research in Motion is tackling the consumer side of things, banning 106 passwords from being used with its devices because they are too weak.
New and improved SHA1 cracking method for passwords published
SHA1 is probably the most widely used password cryptographic hash function; but perhaps it shouldn’t be. The first attack faster than brute force against SHA1 was discovered in 2005, and just over two months ago NIST declared, “Federal agencies should stop using SHA-1...”
Malware set to take a big bite out of Apple in 2013
As Macs and other Apple devices move from the purview of the creative and CxO arenas into a more entrenched home in the enterprise, SophosLabs expects malware developers to reallocate their resources accordingly.
Zeus malware throws €36+ million lightning bolt across Europe
A highly sophisticated, multi-pronged cybercriminal attack used to steal an estimated €36+ million from more than 30,000 bank accounts across Europe has been uncovered. The attack uses a new, souped-up form of the Zeus trojan.
2012: The Year Malware Went Nuclear
Kaspersky Lab has broken down the top security stories of 2012, and the list is certainly filled full of doozies. The Mac OS X Flashback epidemic, cyber-espionage, the Android mobile malware explosion and Java zero-days are but a few of the greatest hits, or worst hits, as it were, of the year.
