News

• New backdoor malware 'KeyBoy' used in targeted attacks in Asia, researchers say

  Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7.

• Bill aims to discourage nations from sponsoring cyberattacks

  Three U.S. lawmakers have introduced legislation that would allow President Barack Obama's administration to deny U.S. travel visas to cyberattackers sponsored by foreign governments and to freeze their U.S.-based assets.

• Cyberespionage campaign 'NetTraveler' siphoned data from hundreds of high-profile targets, researchers say

  An ongoing cyberespionage campaign compromised over 350 high-profile victims from more than 40 countries over the past eight years, including political activists, research centers, governmental institutions, embassies, military contractors and private companies from various industries.

• Drupal resets account passwords after detecting unauthorised access

  Drupal.org has reset account passwords after it found unauthorized access to information on its servers.

• Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet

  Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.

• US weapons system designs were reportedly viewed by Chinese hackers

  The designs for over two dozen advanced U.S. weapon systems, including missile defenses, combat aircraft and ships, were reportedly accessed by Chinese hackers.

• Researchers find unusual malware targeting Tibetan users in cyberespionage operation

  Security researchers from antivirus vendor ESET discovered a piece of cyberespionage malware targeting Tibetan activists that uses unusual techniques to evade detection and achieve persistency on infected systems.

• U.S. power companies under frequent cyberattack

  A survey of U.S. utilities shows many are facing frequent cyberattacks that could threaten a highly interdependent power grid supplying more than 300 million people, according to a congressional report.

• Researchers find critical vulnerabilities in popular game engines

  Security researchers found serious vulnerabilities in the engines of several popular first-person shooter video games that could allow attackers to compromise their online servers and the computers of players accessing them.

• Attack on Telenor was part of large cyberespionage operation with Indian origins: report

  A recent intrusion on the computer network of Norwegian telecommunications company Telenor was the result of a large cyberespionage operation of Indian origin that for the past few years has targeted business, government and political organizations from different countries, according to researchers from security firm Norman Shark.

• Researchers uncover new global cyberespionage operation dubbed Safe

  Security researchers from Trend Micro have uncovered an active cyberespionage operation that so far has compromised computers belonging to government ministries, technology companies, media outlets, academic research institutions and nongovernmental organizations from over 100 countries.

• Systems manager arrested for hacking former employer's network

  A 41-year-old man was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, leading him to quit his job and take revenge, the U.S. Federal Bureau of Investigation said.

• Dutch bill seeks to give law enforcement hacking powers

  The Dutch government today presented a draft bill that aims to give law enforcement the power to hack into computer systems -- including those located in foreign countires -- to do research, gather and copy evidence or block access to certain data.

• Amazon looks to move security appliances to the cloud, says CISO

  Amazon Web Services (AWS) is looking to expand its security offerings with hosted intrusion protection appliances and more extensive encryption features, as it looks to increase the level of protection users can get in its cloud.

• Malware hijacks Twitter accounts to send dangerous links

  Twitter users in the Netherlands are being targeted by a piece of malware that hijacks their accounts, according to security vendor Trusteer.