Information Security News
The Mandarin (registration)
Unis need better risk management, infosec and to stop playing politics
NSW universities need to improve their risk management, improve information security and stop paying money to political parties, according to the state's auditor-general. New South Wales universities need to continue improving their risk management ...
The Office of Personnel Management, the government agency that manages federal employees, announced Thursday that its network was breached in December 2014, potentially compromising the personal records of approximately 4 million former and current employees.
The Washington Post, citing unnamed government officials, reported that the attack originated from “Chinese hackers,” and was the “second major intrusion of the agency by China in less than a year.”
As the agency wrote in a statement:
Infosec 2015: "What concerns you the most in computer security?"
We took to the exhibition floor at Infosec Europe 2015 armed with ten cool ASCII-art Naked Security T-shirts to put a question to ten visitors. (The T-shirts were a "thank you" for those who agreed to take part.) As it happened, one of our participants ...
Researchers at Wandera, a mobile security company, have alerted Apple to a potential security vulnerability in iOS that could be used by attackers to fool users into giving up their credit card data and personal information. The vulnerability, based on the default behavior of iOS devices with Wi-Fi turned on, could be used to inject a fake "captive portal" page that imitates the Apple Pay interface.
The attack leverages a well-known issue Ars has reported on in the past: iOS devices with Wi-Fi turned on will attempt by default to connect to any access point with a known SSID. Those SSIDs are broadcast by "probe" messages from the device whenever it's not connected to a network. A rogue access point could use a probe request capture to masquerade as a known network, and then throw up a pop-up screen masquerading as any web page or app.
The Wandera attack uses this behavior to get a mobile device to connect and then presents a pop-up portal page—the type usually used when connecting to a public WiFi service to present a Web-based login screen—that is designed to resemble an Apple Pay screen for entering credit card data. The attack could be launched by someone nearby a customer who has just completed or is conducting an Apple Pay transaction so that the user is fooled into believing Apple Pay itself is requesting that credit card data is reentered. An attacker could loiter near a point-of-sale system with an Apple Pay terminal and continuously launch the attack.
Infosec turns 20 to face battle with BSides, RSAC Unplugged
Infosec 2015 Infosec, the annual IT security trade show, wheeled out the rock stars of the Infosec world for its 20th anniversary this week. Bruce Schneier and John McAfee – the Paul McCartney and Keith Moon of the cybersecurity world – both keynoted ...
Without public notice or debate, the Obama administration has expanded the National Security Agency's warrantless surveillance of Americans' international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.
In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad—including traffic that flows to suspicious Internet addresses or contains malware, the documents show.
Posted by InfoSec News on Jun 04: http://www.theguardian.com/technology/2015/jun/04/hackers-extorted-multinational-firm-in-australia-and-threatened-employee
Posted by InfoSec News on Jun 04: http://www.theregister.co.uk/2015/06/04/security_sleuths_sniff_out_the_stupid_from_your_oracle_dbs/
Posted by InfoSec News on Jun 04: http://www.v3.co.uk/v3-uk/news/2411419/fbi-europol-and-nca-gunning-for-top-200-black-hats-making-exploit-kits-for-criminals
Posted by InfoSec News on Jun 04: http://www.csoonline.com/article/2928928/disaster-recovery/heartland-issues-breach-notification-letters-after-computer-theft.html