Information Security News
Researchers from Russia-based Kaspersky Lab have uncovered a gang of hackers for hire who specialize in surgical strikes that quickly infiltrate suppliers to Western companies, steal highly sensitive data, and then vanish.
Icefog, as the group of "cyber mercenaries" has been dubbed, is made up of six to 10 members who are able to infect both Windows and Mac computers with advanced malware that's extremely hard to detect, Kaspersky researchers revealed in a report published Wednesday.
That's a tiny membership compared with other gangs engaged in advanced persistent threat (APT) attacks that siphon gigabytes or even terabytes of sensitive data out of corporations, defense contractors, and government agencies. The so-called APT1 group that hacked The New York Times nine months ago, for instance, has as many as 100 members, a roster that leaves plenty of tracks for security defenders to find.
Operators of an underground identity theft service have infiltrated three of the biggest providers of social security numbers, birth dates, and other consumer information, according to a published report. In total, the hackers were able to pilfer records belonging to more than four million people.
"The intrusions raise major questions about how these compromises may have aided identity thieves," KrebsOnSecurity reporter Brian Krebs wrote in the 2,100-word report published Wednesday. His seven-month investigation found that the illicit service, known as ssndob[dot]ms (readers shouldn't visit this site), served more than 1.02 million unique social security numbers to customers and almost 3.1 million date of birth records since its inception in early 2012. The data was appropriated after the operators of the service infiltrated Atlanta, Georgia-based LexisNexis, Short Hills, New Jersey-headquartered Dun & Bradstreet, and Kroll Background America, which is now a part of HireRight, he reported.
Krebs said his findings were based on a copy of the SSNDOB database that became available after the ID theft service was itself hacked. It showed that more than 1,300 customers spent hundreds of thousands of dollars looking up SSNs, birthdates, and driver license records and obtaining unauthorized credit and background reports. The operators of the service were the same hackers who in March published the SSNs and other sensitive details for dozens of celebrities and politicians, including Vice President Joe Biden, first lady Michelle Obama, and rap star Jay-Z.
(ISC)² Congress 2013: Infosec Must Expand Testing to Keep Pace with Attackers
This never-ending process makes infosec professionals “some of the toughest people” in the IT industry, he contended. Why does security get worse while continuing to spend more each year? Nickerson blamed information security vendors and their ...
by Dan Goodin
An e-mail app recently acquired by Dropbox contains a security bug that opens iPhone and iPad users to a series of potentially serious attacks, a security researcher warned.
"This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an e-mail, and, using an [exploitation] framework, potentially much worse things," Spagnuolo wrote. In the past, the researcher has been credited with finding security vulnerabilities in Google, eBay and Nokia products or services.
Five Habits IT Security Professionals Need To Break
"There is a dire shortage of infosec talent out there, and it's hurting all of us," said Dan Waddell, solution lead for the global public sector at Grant Thornton. "We need to build a pipeline of young people we can hire." "We need to get ourselves and ...
Pen tests must effect cultural change, says security veteran
To ensure a positive change in security behaviour, he said, infosec professionals should use pen testing to measure the strength of an organisation and then deploy methods to improve behaviour. “Then measure the effectiveness of those methods by ...
Help Net Security
Budget and job trend data for CISOs
... and security practitioners, to answer the questions their peers most wanted to know. It includes a range of topics from company security posture to current security policies and procedures, InfoSec involvement in IT operations and CISO career ...
Posted by InfoSec News on Sep 25 http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/
Posted by InfoSec News on Sep 25 http://www.wired.com/threatlevel/2013/09/nsa-backdoor/
Posted by InfoSec News on Sep 25 http://english.peopledaily.com.cn/90883/8409195.html
Posted by InfoSec News on Sep 25 http://www.bizjournals.com/southflorida/news/2013/09/24/holy-cross-hospital-patient-records.html
Posted by InfoSec News on Sep 25 http://www.washingtontimes.com/news/2013/sep/24/intelligence-failure-us-command-kabul-warns-intell/