Infosecurity News
Firefox 20: 11 security fixes and improved private browsing
Firefox 20 was released on Tuesday. It includes 3 critical, 4 high, and 4 moderate vulnerability fixes; plus several enhancements including a private browsing mode and improved download manager.
LockLizard extends PDF rights management security to the iOS platform
The London-based digital rights management (DRM) specialist has released its latest Secure PDF Viewer for the iOS mobile operating system
BaneChant trojan hides behind multiple mouse clicks
A backdoor trojan apparently aimed at the governments of the Middle East and Central Asia has been detected, with a notable new ability to evade detection by tying its execution to multiple mouse clicks.
Washington DSHS clients face potential patient data breach
Stolen hardware is once again the culprit behind a potential healthcare breach – this time in Washington state, where a private contractor's laptop containing confidential and personal health information on 652 state Department of Social and Health Services (DSHS) clients was discovered to be stolen.
Men's Health & Miltary-themed emails spread malware
An email campaign spreading malware via links purporting to be either for Men’s Health articles or military-related is spreading quickly, and appear to be coming from Australia or South Korea.
Does ACTA live on in the EC IPRED Directive?
The European Commission has run a public consultation on the enforcement of IPRED – the Intellectual Property Rights Enforcement Directive. The consultation closed on the day before April Fool’s Day – but not everybody is amused.
American Express joins the ranks of US banks attacked by al-Qassam group
On Thursday last week the American Express website went offline for a couple of hours during a DDoS attack by the Izz ad-Din al-Qassam Cyber Fighters in pursuance of their ongoing protest against the Innocence of Muslims video.
Don't forget: Evernote used for malware control
The cloud-based note-taking tool Evernote, with its adorable elephant logo and general user-friendly touchy-feely vibe, seems innocuous enough. However, cybercriminals are giving it a very different character, by hijacking the popular service and using it as a communication and control (C&C) server for malware.
Amazon cloud’s public buckets may be too public
Amazon’s Simple Storage Service (S3) is a popular cloud storage service, used by business to store static files, and by individuals to share them. Storage can be either public or private; but new research suggests that public is possibly more public than intended.
Spamhaus suffers largest DDoS attack in history – entire internet affected
Spamhaus, an IP blacklisting service, has been under a distributed denial-of-service (DDoS) attack for a week. Attack traffic has been rated at up to 300Gbps – three times higher than the previous record, and six times greater than the typical attack recently targeting US banks.
Java vulnerabilities are almost ubiquitous
Java vulnerabilities are seemingly ubiquitous, with vulnerabilities and zero-days nabbing headlines on what seems like a weekly basis. According to an analysis, that perception cleaves fairly close to reality: 94% of endpoints are vulnerable to at least one Java exploit, opening the door for data theft.
The dark side of encryption and social networks: Pedophile Jailed in UK
An internet pedophile has been jailed at the Inner London Crown Court for eight years after using social networks for grooming and encryption to hide his offenses. Because of the encryption, the police can only guess at other crimes.
Trojans, RATs and Slovenian money gang involved in $2.5 million bank fraud
Slovenian Police have detained five citizens in a $2.5 million, highly targeted bank fraud campaign. The criminal group was found to be using 25 money mules to electronically transfer funds out of the accounts of smaller companies.
Identifying individuals through mobile tracking
A new report published in Nature's Scientific Reports section shows how the location data available from mobile devices can be used as a virtual fingerprint to identify individual people regardless of whether the data is 'anonymized'.
Ministry of Justice consultation on compulsory DPA audits for NHS bodies
The UK Ministry of Justice has issued a new consultation paper aimed at NHS data controllers asking for views on whether the ICO should be able to impose a data protection audit on NHS bodies without their consent.
Pirated software carries malware payload that can cost billions
Pirated software may carry an ostensibly small price tag compared to the real thing, but it often also carries something else: ride-along malware that will cost consumers 1.5 billion hours and $22 billion this year in identifying, repairing and recovering from its impact.
Advanced vSkimmer botnet targets card payment terminals
The next evolution of credit card payment details extraction has hit Russian underground hacking forums in the form of the vSkimmer malware, a botnet that directly targets card payment terminals using Windows.
Anonymous claims Mossad hack; experts not convinced
This weekend saw the release of around 35,000 names and other details, allegedly including Mossad agents, stolen by Anonymous and following a warning that OpIsrael phase 2 – designed to ‘erase’ Israel from the internet – would commence on 7 April.
Details of the latest Sykipot exploits revealed
Sykipot malware, often tied to a Chinese origin, has been used extensively over the last few years to target primarily US defense organizations. Now the latest zero-day exploits used by the gang have been revealed.
Seoul cautious in blaming North Korea for massive cyberattack
South Korea, the globe’s most-wired country and one of its biggest tech hubs, has been hit with a wave of attacks on major media and banks, freezing networks and broadcast infrastructure and rendering a swath of ATMs, mobile banking, websites and payment kiosks unusable.
