News

• Academic institutions urged to take steps to prevent DNS amplification attacks

  Colleges and universities are being encouraged to scrutinize their systems to keep them from being hijacked in DDoS (distributed denial-of-service) attacks.

• Adobe warns customers of unpatched critical flaw in ColdFusion

  Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.

• Name.com forces customers to reset passwords following security breach

  Domain registrar Name.com forced its customers to reset their account passwords on Wednesday following a security breach on the company's servers that might have resulted in customer information being compromised.

• SecurEnvoy falls back on fixed line to better two-factor authentication reliability

  SecurEnvoy has upgraded its SMS-based system for two-factor authentication with the ability for users to receive one-time passwords via a landline telephone call and enter them using the telephone keys.

• Amazon looks to move security appliances to the cloud, says CISO

  Amazon Web Services (AWS) is looking to expand its security offerings with hosted intrusion protection appliances and more extensive encryption features, as it looks to increase the level of protection users can get in its cloud.

• AP Twitter hack prompts fresh look at cybersecurity needs

  Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.

• One in five data breaches are the result of cyberespionage, Verizon says

  Even though the majority of data breaches continue to be the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon.

• Researchers find malware targeting online stock trading software

  Security researchers from Russian cybercrime investigations company Groub-IB have recently identified a new piece of malware designed to steal login credentials from specialized software used to trade stocks and other securities online.

• Apple keeps patching Java on OS X Snow Leopard after proposed drop-dead date

  Apple on Tuesday patched Java for the aged OS X Snow Leopard and tweaked Safari to give users more control over what websites they let run the vulnerability plagued Oracle software.

• Twitter OAuth feature can be abused to hijack accounts, researcher says

  A feature in the Twitter API (application programming interface) can be abused by attackers to launch credible social engineering attacks that would give them a high chance of hijacking user accounts, a mobile application developer revealed Wednesday at the Hack in the Box security conference in Amsterdam.

• Hackers could start abusing electric car chargers to cripple the grid, researcher says

  Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday.

• Widely used wireless IP cameras open to hijacking over the Internet, researchers say

  Thousands of wireless IP cameras connected to the Internet have serious security weaknesses that allow attackers to hijack them and alter their firmware, according to two researchers from security firm Qualys.

• Hackers turn a Canon EOS camera into a remote surveillance tool

  The high-end Canon EOS-1D X camera can be hacked for use as a remote surveillance tool, with images remotely downloaded, erased and uploaded, a researcher said during the Hack in the Box security conference in Amsterdam on Wednesday.

• Yandex launches public DNS service with malicious URL filtering

  Russian Web search firm Yandex launched a public DNS (Domain Name System) resolution service on Thursday that leverages the company's existing website scanning technology to block access to malicious and adult-rated sites.

• Researchers find new point-of-sale malware called BlackPOS

  A new piece of malware that infects point-of-sale (POS) systems has already been used to compromise thousands of payment cards belonging to customers of U.S. banks, according to researchers from Group-IB, a security and computer forensics company based in Russia.