More News
This section is for more news for you.
Security Basics
This list is for the new security administrator.
Security Basics
A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Information Security
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
-
Cyber Recruiting, Country Music Style
-
Posted by InfoSec News on May 23
http://www.nextgov.com/cybersecurity/cybersecurity-report/2013/05/cyber-recruiting-country-music-style/63434/
[If you're looking for skilled cybersecurity experts, Please visit
http://jobs.infosecnews.org/ - WK]
By Jessica Herrera-Flanigan
Nextgov.com
May 22, 2013
The need for skilled cybersecurity experts continues to be a priority for the
U.S. government, the private sector and academia.
Since the need for a skilled workforce has...
-
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
-
Posted by InfoSec News on May 23
http://www.darkreading.com/attacks-breaches/hacking-journalists-case-dredges-up-secu/240155428
By Ericka Chickowski
DarkReading.com
May 22, 2013
A legal storm is brewing between researchers who uncovered a cache of sensitive
information about 170,000 consumers through a Google search and the company
which left the information freely available online. It sounds like the typical
disclosure scuffle that the security research community has come...
-
Former Elgin deputy police chief charged with identity theft, misconduct
-
Posted by InfoSec News on May 23
http://www.chicagotribune.com/news/local/suburbs/elgin/chi-former-elgin-deputy-police-chief-charged-with-identity-theft-misconduct-20130521,0,548860.story
By Kate Thayer
Tribune reporter
May 21, 2013
A former high-ranking Elgin police officer and current Stockton police
chief was indicted Tuesday on charges he used a law enforcement database
to hack into an e-mail account and get personal information, according
to Kane County prosecutors....
-
Sharyl Attkisson's computers compromised
-
Posted by InfoSec News on May 23
http://www.politico.com/blogs/media/2013/05/sharyl-attkissons-computers-compromised-164456.html
By Dylan Byers
Politico.com
5/21/13
Sharyl Attkisson, the Emmy-award winning CBS News investigative
reporter, says that her personal and work computers have been
compromised and are under investigation.
"I can confirm that an intrusion of my computers has been under some
investigation on my end for some months but I'm not prepared to...
-
ToorCon Seattle CFP & Registration
-
Posted by InfoSec News on May 23
http://seattle.toorcon.net/cfp/
Call For Papers
Papers and presentations are being accepted for ToorCon Seattle to be held at
Neumos and around the city in Seattle, WA on July 5th-7th, 2013. To submit a
talk to ToorCon Seattle, please fill out the submission form below. Submissions
will be accepted until June 21st, 2013.
Submission of Papers
ToorCon only accepts papers on new technologies and methodologies that have
been recently...
-
U.S. power companies under frequent cyberattack
-
Posted by InfoSec News on May 23
https://www.computerworld.com/s/article/9239442/U.S._power_companies_under_frequent_cyberattack
By Jeremy Kirk
IDG News Service
May 21, 2013
A survey of U.S. utilities shows many are facing frequent cyberattacks
that could threaten a highly interdependent power grid supplying more
than 300 million people, according to a congressional report.
More than a dozen utilities said cyberattacks were daily or constant,
according to the survey,...
-
Hackers Find China Is Land of Opportunity
-
Posted by InfoSec News on May 23
http://www.nytimes.com/2013/05/23/world/asia/in-china-hacking-has-widespread-acceptance.html
By EDWARD WONG
The New York Times
May 22, 2013
BEIJING -- Name a target anywhere in China, an official at a state-owned
company boasted recently, and his crack staff will break into that
person’s computer, download the contents of the hard drive, record the
keystrokes and monitor cellphone communications, too.
Pitches like that, from a salesman...
-
How anticipating a health data breach can boost security
-
Posted by InfoSec News on May 21
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/
By Patrick Ouellette
Health IT Security
May 20, 2013
A healthcare chief information officer (CIO) saying that he expects to
experience a health data breach is not only unusual, but may produce
shock and awe in some parts of the healthcare industry. However, having
this type of outlook, regardless of whether the CIO ends up having to
deal with a...
-
Hackers Who Breached Google in 2010 Accessed Company's Surveillance Database
-
Posted by InfoSec News on May 21
http://www.wired.com/threatlevel/2013/05/google-surveillance-database/
By Kim Zetter
Threat Level
Wired.com
05.20.13
Hackers who breached Google’s network in 2010 obtained access to the company’s
system for tracking surveillance requests from law enforcement, according to a
news report.
The hackers gained access to a database that Google used to process court
orders from law enforcement agencies seeking information about customer...
-
Hunting for Syrian Hackers' Chain of Command
-
Posted by InfoSec News on May 21
http://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html
By NICOLE PERLROTH
The New York Times
May 17, 2013
It’s the question of the moment inside the murky realm of cybersecurity: Just
who -- or what -- is the Syrian Electronic Army?
The hacking group that calls itself the S.E.A. struck again on Friday, this
time breaking into the Twitter accounts and blog headlines of The Financial
Times. The attack was part of a...
Zero Day
This is the Security Digest of Kapersky Labs.
ZDNet | Zero Day Blog RSS
Latest blogs in Zero Day
- US urged to permit self-defense retaliation on hackers - Would retaliatory attacks make hackers think twice?
- US utilities under daily, constant cyberattacks: report - A new report claims that a number of U.S.-based utilities are fending off cyberattacks on a daily basis.
- Chinese cyberattack on Google exposed spy data: US officials - An attack which took place against Google exposed sensitive data concerning U.S. surveillance targets.
- Hire DDoS attack service 'legal' and connected to FBI - A service which boots websites offline for payment is legitimate, says the owner. But why a backdoor monitored by the FBI?
- LulzSec group sentenced; hacker combats child porn allegations - Core members of LulzSec have been sentenced for their campaigns, but according to the defense, some of the victims were "thoroughly deserving" of what happened to them.
- U.S. attorney general: Government should get a warrant before email, cloud storage snooping - The U.S.' highest ranking lawyer supports changes to existing email and online storage snooping laws, which are currently under scrutiny in the U.S. House.
- FBI trains bank executives on cyberattack threats - U.S. bankers have been given temporary security clearance to share data on cyberattack investigations.
- U.S. government becomes 'biggest buyer' of malware - Amid a growing battle between federal government agencies and hackers, cyberwarriors, and cyber-enemy nation states, the U.S. is ramping up its malware stockpile to 'hack back' at those who attack it.
- May's Patch Tuesday to fix two critical flaws in Internet Explorer - This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two critical flaws relating to Internet Explorer, affecting all versions of Windows.
- Microsoft releases emergency patch for critical IE8 zero-day exploit - Users running Internet Explorer 8 — an estimated 23 percent of all IE users — should update their systems with an out-of-band emergency patch to prevent a zero-day flaw.
Threat Post
Security News from Kapersky Labs.
Threatpost
The First Stop For Security News
- Another Mac OS X Backdoor Reported - Another sample of the Mac OS X spyware discovered last week has been found in the wild, security company F-Secure said.
- Researchers Discover Dozens of Gaming Client and Server Vulnerabilities - Two video game researchers have discovered a slew of zero day vulnerabilities in the engines that run popular first person shooter games like “Quake 4,” “Monday Night Combat,” “Crysis 2” and “Homefront,” among others that could put their servers and the gamers who use them in danger.
- Legislators: Electric Utilities Dragging Heels on Cybersecurity Mitigations - A report from legislators Ed Markey and Henry Waxman provides insight into the state of cybersecurity with U.S. electric grid utilities and compliance with mandatory and voluntary standards.
- ‘The Chinese Are Not Going to Stop’ - The news that the attack on Google in 2009 also compromised a database holding warrants for lawful intercept surveillance on users has raised fears about the security of national security data on private networks. Cyberspionage operations pose a serious threat to national security, and these attacks are increasing. Dennis Fisher spoke with Anup Ghosh of [...]
- Scripps Reporters Accused of Hacking In Lifeline Data Breach - Investigative reporters for the Scripps news service have been threatened with legal action after informing a telecommunications company that confidential data on tens of thousands of applicants was available on the Internet.
- IE 8 Zero Day Pops Up in Targeted Attacks Against Korean Military Sites - The Sunshop targeted espionage malware campaign re-uses the Lady Boyle malware and a number of recently patched exploits, including one for IE 8 used in the Department of Labor watering hole attack.
- New Citadel Malware Strain Targeting Payza Service - A new variant of Citadel malware is making the rounds that are targeting Payza, a money transfer service popular all over the world, especially in developing nations that are under-serviced when it comes to online banking access.
- Google Fixes More Than a Dozen Flaws in Chrome 27 - Google has released Chrome 27, a new version of its browser that includes a long list of security fixes, many of which are for high-risk vulnerabilities. The company handed out more than $14,000 in rewards to researchers who reported bugs fixed in the latest iteration of Chrome.
- Reveton Ransomware Adds Password Purloining Function - The developers of Reveton have expanded that ransomware’s repertoire with a password stealing functionality, according to Stefan Sellmer at the Microsoft Malware Protection Center.
- Microsoft Curbs Click-Fraud in ZeroAccess Fight - Microsoft observed a precipitous drop-off in click-traffic on their “extended publishing network,” which they claim reflects a similar drop-off in click-fraud, as a result of the actions they have taken to stymie ZeroAccess, according to Microsoft Malware Protection Center researchers Tommy Blizard and Nikola Livic.