Infosecurity News

  1. Hacker collective leaks one million records, vows 'hellfire'

    Hacker collective Team GhostShell is boasting that it has breached more than one million user records from 100 corporate and public affairs websites across a variety of industry segments, and leaked them online.

  2. Dropbox adds two-step authentication

    File-sharing has long had a reputation for being a veritable petri dish for viruses and/or credential or identity theft, but web-storage and sharing provider Dropbox is now offering two-factor authentication to thwart would-be hackers.

  3. Oil Giant Saudi Aramco lights up network after malware attack

    Saudi Aramco, the national energy company of Saudi Arabia and one of the largest oil producers in the world, has repaired 30,000 workstations after a virus compromised security for about 75% of its terminals on Aug. 15. However, sections of its main website remained offline as of this writing.

  4. Swiss Army knife USBs slash security features

    Victorinox, maker of the Swiss Army knife, has abruptly discontinued its security offering for the Swiss Army-branded line of portable USB memory sticks.

  5. New advisory council takes aim at security best practices

    The ability to continuously monitor big data across financial, operational and IT domains has emerged as a critical security and regulatory requirement for global corporations and government agencies. However, no comprehensive industry alliance has been in place to encourage the development of independent best practices.

  6. NIST asks for comment on BIOS Protection Guidelines for Servers

    The US National Institute of Standards and Technology (NIST) is requesting comment on draft publication SP 800-147B, which provides guidelines on securing BIOS systems. BIOS has become a target for hackers and is an emerging threat area, says NIST.

  7. UK 'spy-in-the-sky' police drones coming

    The Telegraph today reported that “airborne cameras, known as unmanned aerial vehicles (UAVs) may be used over cities or big events like Glastonbury, according to a National Police Air Service director.”

  8. FireEye updates its Gauss blog post: 'we got it wrong'

    “The Gauss malware... is now back from its dormant state with a surprise. We recently discovered a very interesting shift in the Gauss malware CnC communication. Gauss bot masters have directed their zombies to connect to the Flame/SkyWiper CnC to take commands,” said FireEye originally.

  9. Six months' reprieve for LulzSec's Sabu

    Hector Xavier Monsegur, aka 'Sabu' and former lead figure in LulzSec, has been granted six months' reprieve before sentencing for his continuing co-operation with the authorities.

  10. There’s new Mac malware – but it’s not very good

    “It’s not very well written; it's not very well tested; it's probably not going to catch you unaware... and so far as we can tell, it's not in the wild,” comments Paul Ducklin of Sophos. It’s NetWeird.

  11. The ‘419 scam’ scam returns

    419 scams basically offer the target something for nothing – or more usually a large sum for just handling-costs and perhaps the target’s bank details. Now an old scam offering recompense for 419 victims has resurfaced.

  12. Shamoon likely the malware used against Saudi oil giant Aramco

    Shamoon is now thought to be the malware used in the August 15 attack against the Saudi oil giant Aramco. A group calling itself Cutting Sword of Justice has claimed responsibility, and has threatened to confirm this power by returning at 21:00 GMT on August 25.

  13. Is use of the Find My iPad app actually trespassing?

    In what many would consider a bizarre case in Australia, an accused man says the evidence against him was obtained illegally when an iPad owner electronically tracked a stolen iPad via GPS to his property.

  14. Report highlights the problems with security terminology

    This wasn’t the purpose of the NSS report – its purpose was to discuss the ability of the anti-virus industry to protect its users against vulnerabilities: “Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?”

  15. California’s Location Privacy Bill passes Assembly

    Senator Mark Leno’s SB 1434, the Location Privacy Bill, has been passed by the California Assembly with a bipartisan vote of 63-11. Having now passed both chambers of the state legislature, the bill is headed towards Governor Jerry Brown.

  16. The RuggedCom SCADA OS is vulnerable

    Last Friday security researcher Justin Clarke claimed to have discovered a serious flaw in the operating system used by SCADA systems within the critical infrastructure. Now the DHS Industrial Control Systems CERT (ICS-CERT) has issued a related alert.

  17. Shamoon – too buggy to be state-sponsored?

    When the Shamoon malware was first discovered earlier this month, it’s destructive nature puzzled researchers. Nevertheless, the apparent middle-eastern oil industry target seemed to suggest it belongs to the new brand of state-sponsored malware.

  18. Google’s new cloud Wallet – is it secure?

    Earlier this month Google made some fundamental changes to the way in which Google Wallet operates. The main difference is that the ‘active’ part of payment has been shifted from the handheld device to Google’s servers; that is, the cloud.

  19. Malware crisis for virtual machines

    OSX Crisis, discovered last month, was soon found to be cross-platform – detecting whether the OS is Windows or Mac, and responding accordingly. Now Symantec believes it may also be the first malware that attempts to spread onto a virtual machine.

  20. Up to 600 victims of the UK’s phone hacking scandal are likely to be named by the police

    The Independent has reported that the police are in the process of notifying alleged phone hacking victims as part of the generic criminal charge against seven former staff of News Corps’ now defunct publication, The News of the World.

Why not watch?

  1. How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0

  2. Navigating the Evolving Cybersecurity Compliance Landscape in 2024

  3. Is MFA Enough? Strategies for Next-Level Identity Security in 2024

  4. How to Proactively Remediate Rising Web Application Threats

What’s hot on Infosecurity Magazine?