Infosecurity News

  1. Veracode goes large with VAST app security testing for cloud, mobile

    Application security testing company Veracode has launched the Vendor Application Security Testing (VAST) program to provide independent, automated and outsourced compliance testing for cloud, mobile and outsourced applications, to help enterprises reduce the security risks associated with the use of vendor-supplied software.

  2. Microsoft: Pre-installed malware not from factory lines

    The pre-installed malware found on fresh-from-the-factory PCs by Microsoft's Digital Crimes Unit was not implemented on the factory line, a Microsoft spokesperson has confirmed.

  3. Peter the Great beats Sun Tzu in cybercrime

    Despite the hoohaa about the ‘Chinese cyberthreat’ (in reality, read east Asia), Russia’s Peter the Great (in reality, read east Europe) is beating Sun Tzu in modern cyber wargames. Eastern Europe has better cybercriminals than eastern Asia.

  4. TDSS/TDL4 'indestructible botnet' is back with 250K victims already

    Damballa has discovered a new iteration of the TDSS/TDL4 botnet that, at its height last autumn, infected more than 5.5 million victims. Now, it’s back and is utilizing domain generation algorithm (DGA)-based communication for command-and-control (C&C).

  5. Romanian Subway hackers plead guilty to cyber-fraud

    Subway restaurant franchises can rest easy: The culprits behind an international electronic fraud ring that targeted point-of-sale (PoS) vulnerabilities at hundreds of US retail locations have pled guilty to cyber-fraud charges.

  6. The cloud: transforming the role of the infosec professional

    Infosecurity caught up with John Howie, COO of the Cloud Security Alliance (CSA), at the recent ASIS/(ISC)² Congress in Philadelphia, where he discussed how the cloud is altering the role of security professionals

  7. 51% of SMB endpoints infected annually

    When it comes to small- and medium-sized business (SMB) applications, the cloud and mobility are on the rise, driving an increased need for comprehensive security, according to a new report from Osterman Research, commissioned by Trend Micro.

  8. NullCrew: the principled hacker group?

    In a wide-ranging interview broadcast over online Spreaker radio but conducted probably via IRC, UK Anon Winston Smith has been talking to Null, the leader of the NullCrew hacking group.

  9. GSA to implement $2.5B email-as-a-service project

    The US General Services Administration (GSA) is planning to implement a five-year, $2.5 billion email-as-a-service (EaaS) strategy, as part of the government-wide cloud computing initiative that helps meet federal mandates for migrating information technology to the cloud.

  10. Philippines inks Cyber Crime Prevention Act

    The Phillipines has signed the Cybercrime Prevention Act of 2012 into law, meant to curtail and punish a range of internet-related offenses, from libel to hacking and cybersex to spamming.

  11. Cyber Security Hall of Fame to induct 11 security pioneers

    The first inductees of the National Cyber Security Hall of Fame have been announced, representing a collection of pioneers who invented the technologies, created awareness, promoted and delivered education, developed and influenced policy and created businesses to begin addressing the threats that came along with the rise of the digital age.

  12. China's smart-grid explosion drives 'huge' security spending spree

    China’s cybersecurity market is set to explode, growing from a valuation of just $1.8 billion last year to $50 billion by 2020, according to new research from GlobalData. The big 44.7% growth curve – which the firm says is an anomaly on the global stage – will be mainly driven by efforts to secure the country’s extensive and ever-growing power infrastructure.

  13. Where to go to find the music pirates

    A new report, drawing on 18 million observations of P2P activity on BitTorrent file sharing, analyzes what locations are downloading which music files – legally or illegally.

  14. Quantum Key Distribution takes to the air

    An aircraft in flight has successfully transmitted quantum encryption keys to a ground station, bringing closer the time when satellites can be used to provide a theoretically (allegedly) secure communications network.

  15. YouTube declines to remove Mohammad video clip

    Asked by the White House to reconsider whether the infamous Mohammad video clip is in violation of its terms of service, Google has replied that it is not. Although it is blocking the clip in Egypt, Libya, Indonesia and India, this, says Google, is in keeping with local laws.

  16. AlienVault doxes the man behind the PlugX RAT

    AlienVault has been tracking the PlugX remote access trojan for some months, and following extensive detective work has now uncovered enough information to name the person behind it.

  17. GCHQ Academic research institute to investigate the “Science of Cyber Security”

    Yesterday the UK Government Communications Headquarters (GCHQ – one of the UK’s three intelligence agencies) announced that it has set up “a new academic Research Institute to improve understanding of the science behind the growing Cyber Security threat.”

  18. BlackHole 2.0 now available, with a raft of hacker upgrades

    Fave hacker toolkit BlackHole has gotten an upgrade. Version 2.0 of the exploit kit is now available to mine security holes for opportunities to infect machines with slew of malicious programs. It adds a host of new features, at the same pricing as before.

  19. Pre-installed malware in production lines spurs Microsoft's 3322.org takedown

    Microsoft digital crime investigators have purchased several PCs from stores in China, finding that 20% were already infected with Nitol botnet.

  20. Microsoft kills most of Forefront portfolio

    In an effort to align its security and protection portfolio with the workloads and applications they protect, Microsoft is eliminating several of its Forefront products.

Why Not Watch?

  1. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  2. Modernizing GRC: From Checkbox to Strategic Advantage

  3. Mastering AI Security With ISACA’s New AAISM Certification

  4. Audit & Compliance in the Era of AI and Emerging Technology

What’s Hot on Infosecurity Magazine?