Infosecurity News

  1. ISACA welcomes strengthening of UK penalties on data breaches

    ISACA, the not-for profit international association of 86 000 IT security, audit and governance professionals, has welcomed news that the UK government has beefed up the penalties the Information Commissioner's Office (ICO) can impose on errant companies causing major data breaches.

  2. Microsoft confirms Thursday patch for Internet Explorer exploit

    Confirming what many internet industry watchers thought would happen this week, Microsoft says it will release an out-of-band patch later today, for the Internet Explorer security vulnerability used to attack Google and around 30 other companies affected by the widely publicised security flaw seen in the Google/China incident.

  3. Further evidence links Aurora attack to China

    Further evidence has emerged suggesting that the Operation Aurora attack exploiting a zero-day flaw in Internet Explorer came from within the People's Republic of China.

  4. Internet Explorer zero-day vulnerability spreads to Microsoft Office as fixes surface

    Microsoft has scheduled an out-of-band patch for the zero-day vulnerability in Internet Explorer, just as other fixes for the problem began to surface. The company has also admitted for the first time that the attack could be used to compromise a computer using Microsoft Office.

  5. Sourcefire launches faster IPS configuration

    Sourcefire has increased the speed of its intrusion prevention system, or IPS, announcing support for a 20 Gbit/sec clustered model.

  6. $100 000 cracking prize goes unclaimed at CES

    Despite 45 teams trying for up to two hours at the recent Consumer Electronics Show in Las Vegas, it seems that the latest USB drive-equipped Swiss Army Knife - which sports an encrypted (Elliptical Curve and AES) data storage feature - was uncracked.

  7. France joins Germany in public slamming of Internet Explorer

    Following on from Germany's internet security agency publicly slamming Internet Explorer over the weekend and advising internet users to switch to another browser, France's CERTA agency has made a similar pronouncement.

  8. PDF attacks target defense community

    Evidence of further targeted attacks are surfacing, just days after Google and other technology companies announced that they had been the victims of a concerted campaign. This time, the attacks targeted PDFs of those in the US defense community, and occurred more recently.

  9. Internet Explorer zero-day code goes public

    The Internet Explorer exploit code used in the Operation Aurora attack against Google and other technology companies has made it into the public domain, and has been incorporated into the Metasploit penetration testing tool, it was revealed this weekend.

  10. Internal security risks webinar this Wednesday

    The internal security risk issue is fast becoming a boardroom topic in most organizations, especially now that relatively rare road warriors have given way to a truly mobile workforce, able to work from almost anywhere, in most businesses.

  11. Conservative party outlines plans on cybersecurity

    The Conservative party has published a green paper which, amongst other items of national security, seeks to create a center to deal with cyberattacks against the UK.

  12. Time Inc employee fired over customer credit card issue

    Time Inc has written to customers and the New Hampshire Attorney General's office, warning of a potential security breach following the possible misuse of customer credit card information by an employee.

  13. Blackhats and whitehats react to Haiti tragedy

    Blackhats and whitehats reacted with typical polarity to the disastrous Haiti earthquake this week. One faction unleashed a torrent of malware capitalizing on the tragedy, while the other organized a series of 'hackathons' to help develop technologies that would assist the humanitarian mission.

  14. Online criminals looking to profit from Haiti earthquake

    Proving that there is no situation too tragic to exploit, cyber scofflaws have been quick to capitalize on the world’s interest in the recent earthquake in Haiti. With so many people looking to reach out and donate to victims of the tragedy, one group of black hats are attempting to rake in some of that cash by exploiting search engine optimization (SEO) techniques.

  15. Google - China attack episode: Is Microsoft to blame?

    A complex attack on the Google Gmail accounts of human rights activitists – apparently from hackers based in China – has now been indirectly blamed on Microsoft, after McAfee Labs announced last night that the attacks appear to exploit a little-known vulnerability in Microsoft Internet Explorer.

  16. Employees increasingly found to be downloading illegal files

    As if companies have not had enough IT security headaches already, it seems that a growing number of firms have problems with their staff illegally downloading copyrighted files whilst at work.

  17. DARPA enters second leg of cybersecurity testing project

    The Defense Advanced Research Projects Agency, or DARPA, has awarded $55.5m in contracts to bolster a secretive cybersecurity monitoring system, it was announced this week.

  18. Internet Explorer vulnerability used in Google attack

    More details are emerging concerning the concerted attacks on over 20 technology companies, including Google, that were revealed earlier this week. The attackers targeted a vulnerability in Internet Explorer, according to Microsoft. It is now investigating the flaw, which could allow attackers to execute arbitrary code.

  19. Unprotected enterprise end point rising, despite security scares

    A study into remote working carried out by Check Point Software Technologies has found that, despite a significant rise in the numbers of remote workers, only 27% of organisations use encryption to protect their corporate data.

  20. Mobile security demand being driven by encryption

    Research just released claims to show that demand for mobile security technology is being driven by encryption in all its various forms.

Why Not Watch?

  1. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  2. How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

  3. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  4. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

What’s Hot on Infosecurity Magazine?