Security content from The Stack


Ads and malware apparently being injected into traffic from China via major network infrastructure providers

Three Israeli researchers claim to have uncovered evidence of traffic injection – including malware – taking place at the infrastructural level of network connectivity, rather than via edge ISPs who are merely leasing line space. The primary originators of the attacks appear to be China Telecom and China Unicom, two of Asia’s largest network operators….


Hacking group presents ‘long-standing’ threat to Japanese critical infrastructure

Japanese energy, oil and gas, and transport industries have been among those targeted by a group of cyberattackers focusing its efforts on Japanese critical infrastructure. According to research at Cylance SPEAR, the cyber threat group had previously been targeting U.S. defence agencies but has recently turned its attention to East Asia. While SPEAR does not…


Cross-site scripting enabled on 1000 major sites including financial sites

A CloudFlare engineer has discovered that 1000 of the top one million websites, including bitcoin holding sites and trading sites, are running a default setting that enables the biggest security menace on the internet – cross-site scripting. Cross-site scripting permits code on a webpage to allow code from other domains to access its data, and…


Nokia plans to acquire security software provider Nakina Systems

Nokia has this week announced its planned acquisition of Canadian security firm Nakina Systems – financial details of which are yet to be disclosed. The two companies had previously worked together in a five-year partnership which saw Nokia use Nakina software in a range of customer projects. According to an official release, the Finnish company…


Apple cracked iPhones 70 times previously [AMENDED]

Note from the editor of The Stack: As Fortune has noted, we made a mistake with this post, and I take responsibility for the errors it contains regarding Apple’s previous actions in accessing iPhone data across a confusing range of iPhone models with varying zero-knowledge encryption facilities, ranging from none to software-only to hardware+software. We…


Russian POS pickpocket causes Facebook furore

A Facebook post has gone viral in the last 48 hours after a user posted a picture of a man stealing money from unsuspecting commuters, apparently in Russia, using a Point of Sale device to charge contactless credit cards through their wallets. The post (now removed but currently available via Google Cache and included as…


Federal bill could override state-level encryption bans

A new bill [PDF] has been proposed in Congress today by Representatives Ted Lieu (D-Calif.) and Blake Farenthold (R-Tex.) which looks to put a stop to any pending state-level legislation that could result in misguided encryption measures. The ENCRYPT bill – Ensuring National Constitutional Rights of Your Private Telecommunications Act of 2016 – comes as a…


France orders Facebook to revise its data privacy failings

French data protection regulator CNIL has today flagged Facebook with a formal notice to comply with European data privacy laws within the next three months, or face possible sanctions. If the company is able to make the changes to its operations within this timeframe, Facebook will not face any punishment for its alleged data privacy…


Twitter launches Trust and Safety Council to help put end to trolling

Marking Safer Internet Day, Twitter has announced the introduction of a new trust and safety council to stamp out bullying and trolling on the microblogging site. The Twitter Trust & Safety Council will initially be formed of around 40 bodies, including the Cyber Civil Rights Initiative, EU Kids Online, ICT Watch, National Cyber Security Alliance,…


UK banks must raise quality of code to avoid future outages

Vishal Bhatnagar, senior vice president and country manager at CAST UK, writes about the importance of software quality and UK banks’ negligence in this respect… A recent spell of outages at leading UK banks has served to draw attention to the lack of IT visibility in these institutions. The systems used by some of these…


Getting to the core of Apple Mac security

Steve Kelly, President, Intego & Flextivity, argues that companies are becoming more knowledgeable about Mac vulnerability and suggests ways to successfully defend against Mac malware… Apple continues to see the Mac’s popularity rise amongst consumers and businesses. The company’s worldwide shipments increased 1.5% in Q3 2015 compared to the year before. Unfortunately, a result of this…


Online museum displays decades of malware

Archive.org, best-known as a resource for finding historical snapshots of websites, has launched a museum which provides a detailed view into the history of malware. Curated by Mikko Hermanni Hyppönen, the chief research officer at F-Secure, the new resource offers a fascinating look at the technical limits hackers were straining against for twenty or more…


