Infosecurity News

  1. Android malware targets women with 'meet a rich man' gambit

    Hackers are getting more and more personalized, going after specific niches in a long-tail attempt to avoid wide-net security measures. True to form, a new type of Android malware has been spotted, specifically designed to target female, single smartphone users.

  2. Google's Postini transition sparks competitor feeding frenzy

    E-mail security vendors are trying to lure customers away from Google as the internet juggernaut transitions its Postini security customers to its Google Apps infrastructure. The feeding frenzy is unsurprising: Google has 26 million customers for the taking.

  3. More password problems from Windows Registry

    In an announcement that echoes the recent revelations about UserPasswordHint in the Windows Registry, a Russian security firm says passwords protected by a fingerprint swiping system are stored in the Registry in ‘nearly’ plain text.

  4. Kaspersky looks at the wreckage of Wiper malware

    Kaspersky Lab – which to a large extent has led the analyses of the new cyberweapon class of malware (Stuxnet, Duqu, and Flame) – has been taking a closer look at what the most destructive sample, Wiper, has left behind.

  5. VirusBuster is dead. Long live Agnitum’s VirusBuster

    On 7 August 2012, the Hungarian anti-virus company VirusBuster announced the cessation of its similarly-named VirusBuster anti-virus product: the development department is “no longer sustainable in its current form and therefore is in the process of closing down.”

  6. Megaupload v2 in the pipeline

    Kim Dotcom never accepted that Megaupload was finished. Now he has said that it will return, bigger, better and more secure than ever. “We are building a massive global network. All non-US hosters will be able to connect servers & bandwidth. Get ready.”

  7. Cambridge professor questions the viability of ‘anonymization’

    In an article published in yesterday’s Guardian, Professor Ross Anderson (University of Cambridge Computer Laboratory) questions the reliability of David Cameron’s plan to make anonymized health data available to researchers.

  8. Second LulzSec member arrested over Sony hacks

    Raynaldo Rivera (aged 20), aka neuron, royal and wildicv, has been taken into custody following his indictment last week charging him with conspiracy and unauthorized impairment of a protected computer; that is, last year’s Sony hacks.

  9. Hackers target hotel room key-card security

    Think twice before not dead-bolting your room next time you stay at a hotel: Hackers have taken to the internet with a series of videos demonstrating how to compromise the information security within hotel room keycard locks, in order to make them open themselves.

  10. Brain hacking for neurocomputing inches closer to reality

    Imagine a world where sensitive information can be extracted from a brain-computer interface via electronics that quite literally pick your brain for passwords. It may sound like science fiction, but a new experiment into the space has revealed a potentially huge security threat stemming from so-called “brain hacking.”

  11. Sprint rolls out multi-carrier managed BYOD service

    The bring-your-own-device (BYOD) trend is top of mind for most IT departments as smartphones and tablets continue to do double duty as personal and work enablers. Scenting the zeitgeist, Sprint has added the aptly named BYOD Management service to its professional services portfolio, aiming to help enterprises manage the security, administration and shared costs for employees who use their personal mobile devices for work.

  12. German consumer group warns Facebook over users’ privacy

    Facebook is violating German privacy laws, says the Federation of German Consumer Associations (vzbv), which has issued a ‘cease and desist’ notice giving the social network a one-week ultimatum to comply or face legal action.

  13. Cloud-based service models slowly gain risk-management traction

    Enterprises are still leaning away from sharing sensitive information via cloud-based business practices, according to Gartner’s annual risk management survey, as security fears continue to be a barrier in hosted services adoption. However, more businesses are trusting software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS) and data center outsourcing than they were a year ago.

  14. BlackBerry targeted by second malware attack

    As if BlackBerry customers didn’t have enough to worry about with RIM teetering on the edge of market share irrelevance (holding at just over 1% in the US), hacking watchdog Websense ThreatSeeker Network has discovered a spam-based malware campaign targeting BlackBerry customers.

  15. Trade agreement says ISPs should be ‘encouraged’ to become internet policemen

    The Electronic Frontier Foundation – legal, policy and technology activists for digital rights – is warning that the secretive Trans-Pacific Partnership trade agreement “will rewrite global rules on IP enforcement and restrict the public domain.”

  16. Dr Web discovers the first Linux/OSX cross-platform trojan

    Dr Web, the Russian anti-malware company that did much to expose the growth of the Flashback botnet, has found the first Linux/OSX cross-platform trojan – which it calls BackDoor.Wirenet.1.

  17. Simple extraction of hints might be another nail in the coffin of passwords

    Jonathan Claudius, a ‘builder and a breaker’ with Trustwave’s SpiderLabs, was looking through the Windows Registry, as builders and breakers do, when he noticed a new entry he hadn’t seen before: UserPasswordHint.

  18. There’s a new zero-day Java exploit in the wild

    A new Java exploit has been discovered. While not yet widespread, it is in the wild, works with all major browsers, is potentially cross-platform – and has no available patch.

  19. ENISA sees problems with European cybersecurity legislation

    The European Network and Information Security Agency (ENISA) has published a report on ‘Cyber Incident Reporting in the EU’ and has found implementation gaps: “incidents remain undetected or not reported.”

  20. Cloud Security Alliance kicks off security certification

    The Cloud Security Alliance (CSA) has announced a three-tier certification initiative to provide end users with greater trust in the security measures employed by web-based and cloud application providers, along with a reduction in risk, improvement in incident recovery time and overall good information governance for the providers themselves.
