Infosecurity News

Law enforcement union calls for legislative probe into Anonymous hack
The Peace Officers of California (POC) group is demanding a legislative investigation into the handling of an Anonymous hack of the California State Law Enforcement Association (CSLEA) website.

Lilupophilupop: Tongue-twister SQL injection attacks pass one million mark
The lilupophilupop.com SQL injection attacks, first analyzed by the SANS Internet Storm Center in early December, have topped one million infected pages.

WordPress 3.3 has XSS vulnerability, say Indian researchers
Indian researchers Aditya Modha and Samir Shah have uncovered a cross-site scripting (XSS) vulnerability in WordPress 3.3.

Stuxnet and Duqu were produced by the same malware team
Kaspersky’s lengthy investigation into the Duqu worm concludes that it comes from the same developers as Stuxnet. This, potentially, has serious implications.

Leveson Inquiry shows government should concentrate RIPA reforms on the media
A UK lawyer has called on the government to redirect its reforms of the Regulation of Investigatory Powers Act (RIPA) away from local authorities and toward journalism.

Care2 fails to take care of members' personal information
Online community Care2 has notified its close to 18 million members that the site’s servers were attacked, resulting in a security breach.

Hackers celebrate New Year's by breaching Philippine government websites
The PrivateX hacker group breached two Philippine government websites, the Office of the Vice President (OVP) and the Philippine Nuclear Research Institute (PNRI), on New Year’s Day.

Service wipes data from government PCs with degaussing
PC Recycler provides electronics recycling services to a number of US government agencies, using degaussing to wipe data from the devices before destruction.

Saudi hackers publish personal data of Israeli sports site subscribers
Saudi hackers who claim they are members of Anonymous have breached the Israeli ONE sports website and leaked personal information on 400,000 subscribers.

Raytheon goes on cybersecurity buying spree
Last month, US defense contractor Raytheon acquired two companies that supply cybersecurity products and services to the US military: Henggeler Computer Consultants and Pikewerks Corp.

Critical infrastructure firms should update cybersecurity infrastructure, McAfee advises
Based on its assessment that cyberattacks against critical infrastructure will increase next year, McAfee advises critical infrastructure companies to upgrade their cybersecurity infrastructure.

No rogue certificates were issued by Comodohacker, says GlobalSign
After an extensive review, Belgian certificate authority (CA) GlobalSign said that no rogue certificates were issued and no customer data were exposed as the result of a breach disclosed in September.

India's Paladion to set up cybercrime monitoring hub in Oman
Indian information security firm Paladion Networks has announced plans to set up a dedicated hub in Oman to monitor and respond to cybercrime in the sultanate.

Buffer overflow vulnerability identified in Sielco Sistemi SCADA system
The US Department of Homeland Security (DHS) is warning about a buffer overflow vulnerability in the Sielco Sistemi Winlog application used to control industrial systems.

Malware blocking – not sandboxing – key to browser security, says Imperva
The browser’s ability to block socially engineered malware, not sandboxing technology, is the most important criterion for judging browser security, argues Rob Rachwald, director of security strategy at data security firm Imperva.

On the second day of Christmas, Mozilla gave two Firefox version 9s
On Tuesday, Mozilla released version 9 of its Firefox browser with fixes for a number of memory safety bugs in the browser engine; then, 24 hours later, it released 9.0.1 to fix a bug that caused Mac, Linux, and Windows users’ browsers to crash.

Anonymous claims responsibility for takedown of Egyptian government sites
The hacktivist group Anonymous claimed this week that it took down a dozen Egyptian government websites using distributed denial of service (DDoS) attacks in retaliation for the government’s treatment of protestors.

$16 million class-action lawsuit filed over UCLA Health System data breach
A $16 million class-action lawsuit has been filed against the UCLA Health System for a data breach that compromised personal information of more than 16,000 patients.

Multi-factor biometrics to change the security landscape, IBM predicts
Multi-factor biometric authentication is one of the five innovations that are likely to change the tech landscape within five years, according to IBM’s 5 in 5 annual list of innovations.

Twitter says Whisper Systems' encryption software will no longer be a secret
Microblogging service Twitter has decided to open source some of Whisper Systems' software, including the TextSecure text-messaging encryption for Android devices, on Github.



