Infosecurity News

  1. (ISC)² looks to address security expertise gap with 2013 scholarships

    It’s no secret that with the ever-rising tide of cyber threats there comes a need for additional security expertise to adequately combat the scope of attacks. Many IT departments suffer from a human capital resource issue, and it’s not always funding-related.

  2. New Linux rootkit delivering drive-by infections discovered

    Eight days ago an ‘anonymous victim’ posted details of a new Linux rootkit to the Full Disclosure mailing list, asking for information. The rootkit was adding an iFrame into HTTP responses returned by the victim’s web server.

  3. Quantum cryptography for all takes a giant leap closer

    Toshiba Research Europe, working with the Cambridge University Engineering Lab, has today announced a breakthrough in quantum cryptography; bringing the potential for secure communications for everyone closer to reality.

  4. Problems with the EU’s proposed ‘right to be forgotten’

    The EU’s proposed Data Protection Regulation includes a difficult concept known as the ‘right to be forgotten’. It proposes that individuals should be able to remove personal data that they no longer wish to be public – but it is fraught with difficulties. ENISA has produced a report on these difficulties.

  5. INSIDE Secure buys Apple’s left-overs

    In July Apple announced its intention to acquire security firm AuthenTec. This deal was completed on 4 October. Yesterday, French security firm INSIDE Secure announced its intention to acquire ESS. ESS is owned by AuthenTec.

  6. The legal implications of botnet disruptions

    The best defense against a botnet is to get rid of it – to infiltrate it, to learn all about it, and to take it down. While the takedown is usually done by or with law enforcement and any necessary court orders, the initial infiltration, often by individual security researchers or anti-malware vendors, remains a legally grey area.

  7. Proof-of-concept malware takes over USB smartcards

    As if malware weren’t becoming pervasive already, a new proof-of-concept has been developed by a team of researchers that takes over smart cards plugged into an infected computer’s USB port, putting them and all of the information contained on them in the hands of potential cybercriminals.

  8. ENISA and the privacy considerations of online behavioral tracking

    With advertisers still claiming that ‘do not track’ will destroy the free internet, and a European Commission proposal for privacy-by-design and by default – enforced by sanctions – ENISA has published ‘a technical perspective on behavioral tracking.’

  9. Opera users urged to check for malware

    Browsers come ready-configured with their own start-up home page; but the default Opera home page (portal.opera.com) was compromised with an obfuscated redirect leading to the blackhole exploit kit.

  10. Hacking-as-a-service offers access to Fortune 500 servers for a few bucks

    Call it a hacking-as-a-service (HaaS): a group renting network server access for a variety of Fortune 500 companies, including Cisco Systems, is taking advantage of weak passwords to offer logins for cheap. Despite its discovery three weeks ago, the service still appears to be going strong, at last count renting access to nearly 17,000 computers worldwide.

  11. Google: government user info requests spike sharply in 2012

    No doubt eagerly awaited by online privacy experts, Google has updated its biennial Transparency Report, revealing that governments around the world made nearly 21,000 requests for access to Google data in the first six months of 2012 – a sharp increase. The most requests came from home, with the US asking for information 7,969 times in the first half of the year.

  12. Adobe shuts Connectusers.com following data breach

    On Tuesday a hacker calling himself ViruS_HimA and claiming to be Egyptian announced that he had hacked an Adobe server and dumped over 150,000 emails. Associated passwords were also leaked.

  13. NASA laptop with unencrypted data stolen from vehicle

    “On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee's locked vehicle,” says a 13 November email to all NASA employees. It warns that the laptop contains unencrypted personally identifiable information “for a large number of NASA employees.”

  14. Skype account hijacking vulnerability required only an email address

    Shining a major spotlight on the importance of privacy, Skype has addressed a major vulnerability that allowed hackers to take over any Skype account, armed only with the user’s e-mail address. The flaw was being actively exploited in the wild for three months before Skype owner Microsoft fixed it today, security researchers uncovered.

  15. Online fraud rings on the rise; 10K in US alone

    While global cybersecurity attention tends to be placed on headline-grabbing exploits by hacktivists and cyber-espionage activities, there is a much less high-profile but no less dangerous threat festering: Online fraud rings, bent on identity theft.

  16. Staff of European Commissioner for the Digital Agenda hacked

    Further light on the hack of Neelie Kroes’ members of staff while attending an Internet Governance Forum (IGF) conference in Azerbaijan has emerged: Laptops that used a Baku hotel's unsecured WiFi were affected.

  17. ISACA tackles biometrics, cybersecurity with latest IT audit programs

    To help IT auditors stay up to date with the latest organizational requirements, ISACA has published three new customizable IT audit/assurance programs. They cover cybercrime detection and prevention, the use of biometrics, e-commerce security, and the implementation of virtual private networks (VPNs).

  18. Financial trading security should take a 'nuclear' approach

    Cyber-trading and financial security systems can take a page from the nuclear industry, according to a new report from Foresight. While the report does not make policy recommendations, it defines fundamental questions that the authors believe should be addressed on systemic risk, protection systems and computer assurance.

  19. World of Warcraft maker hit with lawsuit over data breach, authentication

    World of Warcraft creator, Blizzard, has been slapped with a class-action lawsuit initiated by two gamers who feel that the company's security policies are geared to be for-profit and “deceptive” in terms of users understanding just how secure – or insecure as the case may be – their information is.

  20. New cyber-espionage bug moved from Palestinian to Israeli targets

    Recently, it came to light that a new cyber-espionage APT dubbed XtremeRAT was targeting Israeli government and police entities. While not advanced, the threat is most certainly persistent: New analysis shows that the threat has been around much longer than previously thought – at least a year – and originally attacked Palestinian targets.

Why Not Watch?

  1. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  2. Audit & Compliance in the Era of AI and Emerging Technology

  3. How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

  4. Modernizing GRC: From Checkbox to Strategic Advantage

What’s Hot on Infosecurity Magazine?