Infosecurity News
Swiss intelligence agency loses terabytes of data to an insider
An IT technician working for the Swiss intelligence agency NDB simply downloaded and walked out with terabytes of data – the equivalent of ‘thousands or even millions of printed pages.’
O2 Ireland loses back-up tape with unknown, unencrypted data
O2 Ireland, part of the Spanish telecommunications company Telefónica Europe, has admitted the loss of a backup tape. The loss happened in September 2011, O2 learned about it in the summer 2012, and is now telling its customers.
Acer India hacked by Maxney; 15,000 user details leaked
It was announced on Sunday that the Acer India website has been hacked over the weekend, and a 41 Mb file was stolen and published on RapidShare.
Microsoft tackles click-fraud in online advertising
Microsoft is teaming up malware researchers with its online advertising fraud experts in order to tackle a rising tide of online click-fraud.
EMV global payment standard will drastically reduce credit-card fraud in the US
With the Europay, MasterCard and Visa (EMV) global standard for credit and debit cards poised to be adopted in the US (there is an April 2013 migration deadline), analysts at Frost & Sullivan say that credit card payments will become much more secure. Almost half of the world’s credit card fraud last year (46%) took place in the US, where the easily compromised magnetic stripe still rules the day.
Hacktivist group targets Syria in wake of internet blackout
Global hacktivist collective Anonymous is targeting Syrian websites worldwide to protest an internet blackout in that country, which was instituted Thursday in what most think is an attempt by President Bashar al-Assad to cut off communication routes for the opposition.
Clickjacking threatens two-thirds of top 20 banking sites
Almost a two-thirds of the top banking sites, one-fifth of popular open-source web app sites and a full 70% of the top 10 websites by number of visitors have absolutely no countermeasures against clickjacking attacks, even if they require a secure environment, such as banks providing online banking services.
Anti-virus vendors warn users to beware of the ChangeUp worm
ChangeUp is the Symantec name for the worm known as W32/VBNA-X by Sophos and W32/Autorun.worm.aaeb by McAfee. All three companies are warning their users about an increase in detections over the last few days.
BPI demands UK Pirate Party shut down its Pirate Bay proxy
The British Phonographic Industry (BPI) has written to the UK Pirate Party, a democratic political party, and demanded that it close the proxy service it provides to allow users to bypass the ISP block on The Pirate Bay.
Hewlett Packard’s Autonomy woes deepen
On Tuesday a new shareholder lawsuit claimed audit firms Deloitte and KPMG missed red flags about Autonomy’s accounting, and also named HP's board of directors, officers, and former executives alleging breach of duty and negligence.
Report tests browser ability to filter malicious URLs
NSS Labs has published the second of its two analyses on the security capabilities of the four leading browsers. The first report was on the ability of browsers to block malware; this second is on browsers ability to filter malicious URLs.
Crystal ball time: Top 2013 risks include cyber war, cloud and BYOD
As the year draws inexorably to a close, it’s only fair and natural that we, as an industry, peer into the future to see what could await us in the New Year. The latest to tackle such prognostication is the Information Security Forum (ISF), which has ID’d the top five security threats businesses will face in 2013.
91% of APT attacks start with a spear-phishing email...
...and 94% of the emails carry a malicious attachment – usually in ZIP, XLS or RTF format. These are the findings of new research published today.
Critical infrastructure at risk from SCADA vulnerabilities
SCADA software, used for industrial control mechanisms in utilities, airports, nuclear facilities, manufacturing plants and the like, is increasingly a target for hackers looking to exploit what appear to be growing numbers of vulnerabilities – giving rise to fears that critical infrastructure may be at risk.
Yahoo! mail exploit on sale for $700
A new zero-day vulnerability in Yahoo! Mail has given rise to a $700 exploit for sale in the hacking underground.
Europol and ICE seize 132 domain names on Cyber Monday
The US Operation In Our Sights temporarily morphed into Project Cyber Monday 3 – with a European Project Transatlantic offshoot – and netted a combined haul of 132 seized counterfeiting website domains.
High-end Citadel financial malware overtakes Zeus as king
Citadel, which researchers say is essentially the Lamborghini of the financial information-stealing malware scene, is well on its way to overtaking Zeus and SpyEye as the go-to banking trojan after only being discovered earlier this month.
Go Daddy DNS hack spreads ransomware
Go Daddy, the world’s largest internet domain host and registrar, may soon be known for more than those racy Super Bowl ads featuring Danica Patrick: ransomware is being spread across its footprint.
OFCOM suggests ISPs must decide who is a subscriber in relation to 3-strikes
Just as the US voluntary six-strike infringement code is about to begin, the UK’s statutory three-strike regime inches closer with an OFCOM study into piracy and guidance on what constitutes a subscriber.
Greek man arrested over theft of 9 million personal data details
While European eyes are focused on the increasing political unrest in Greece, it has taken US reporters to notice a small detail: a Greek man has been arrested on suspicion of stealing 9 million personal data files.
