Industry News

22.05.15 - Researchers raise privacy concerns about Bluetooth Low Energy devices
Researchers at Context Information Security have raised privacy concerns about a growing number of devices using Bluetooth Low Energy (BLE) technology. Incompatible with traditional Bluetooth, BLE was developed by the Bluetooth Special Interest Group (SIG) as a personal wireless technology that is rapidly finding its way into personal devices.
22.05.15 - Is data protection the new health and safety?
Paul Motion, partner with bto solicitors’ data protection defence team
22.05.15 - Security warning over Android phone reset systems
Using the "factory reset" option to wipe Android phones may leave behind valuable data, warn security experts. The reset function may also fall short when used to remotely wipe a phone that has been lost or stolen, report Cambridge University researchers. For their analysis the researchers bought used Android phones to see what sort of data remained on the handsets.
21.05.15 - Financial services firms take 98 days to detect cyber threats – retailers take 197 days
Financial services firms take an average of 98 days to detect advanced cyber threats, while retailers take a whopping 197 days, according to a new Ponemon Institute Survey sponsored by security software provider Arbor Networks.
21.05.15 - Data Breach Liability: Confidentiality vs. Privacy
IT service providers, particularly cloud service providers, increasingly are resisting unlimited liability for breaches of privacy and data security obligations in their customer agreements. Instead, they offer unlimited liability for breaches of confidentiality, asserting the customer’s risk of a data breach would be covered as a breach of confidentiality, and arguing that unlimited liability for breaches of data protection obligations is simply double dipping.
21.05.15 - Cyber-attack leaves millions of British students without access to online resources
Millions of staff and students at over 150 centers of further education were left without access to their online resources following a cyber-attack on the University of London Computer Centre.
21.05.15 - Security experts worry about 'spear phishing' in wake of CareFirst breach
Security experts weighing in on Wednesday's breach of health insurer CareFirst, which impacted 1.1 million current and former customers, said the compromised information could be used for everything from medical identity fraud to future attacks geared toward extracting even more data from victims. What's more, they believe this is only the beginning for breaches of this nature.
21.05.15 - PCI establishes small merchant task force
The PCI Security Standards Council (PCI SSC) is creating a dedicated global taskforce to improve payment data security for small businesses, combating their frequent lack of technical knowledge or resources to apply PCI Standards to protect payment data against cyber-threats
21.05.15 - Securing the Artificial Pancreas
Millions of lives potentially depend on the resilience to cyber attacks of a new generation of “artificial pancreas” and other medical devices. But medical devices are open to cyber attacks, many studies have demonstrated that a large number of medical systems could be affected by security flaws that could be exploited by hackers.
21.05.15 - The 1990s calling: buffer overflow attack "cripples router" claim
The technology behind a popular printer sharing feature on many consumer and professional grade routers has been shown to be vulnerable to what the team behind the discovery are calling a 1990s-style stack buffer overflow attack.
21.05.15 - Novel malvertising attack leads to drive-by ransomware
Zscaler researchers explained on its blog that it has seen a large number of sites, dressed up as search engines, that lead to malicious content including sites hosting the Magnitude Exploit Kit.
20.05.15 - 'Practical' ICO may not issue huge data breach fines
Speaking at the European Conference of Data Protection Authorities in Manchester on Tuesday, the Information Commissioner Christopher Graham spoke at length on the challenge facing ICO and other bodies, focusing specifically on their need to adapt to new legislation, and ensure privacy for all users, while technology changes are afoot.
19.05.15 - Privacy and data protection? Just 1% of public would go to Information Commissioner’s Office
Just one percent of the UK public would go to the Information Commissioners’ Office (ICO) for advice on personal data, according to a paper published today. When asked who they would go to for advice on protecting their data, only 1 percent named the ICO while almost half (45 percent) of the 1,222 respondents said they ‘don’t know’, a poll by ComRes found.
18.05.15 - ICO fines Welsh police for sensitive data breach
After the loss of a highly-sensitive DVD testimony, the ICO has issued a fine totaling £160,000 to South Wales Police and has asked the police force to sign an undertaking that ensures new, enforced policies that will stop future breach incidents. The DVD, which has still not been recovered, contains an interview recorded in 2011 that recounts the graphic and disturbing testimony of a victim of sexual abuse. Just two months after the recording, the DVD went missing, but the breach remained unreported for as long as two years due to "lack of training," the ICO told
15.05.15 - Malware Found In Some GTA V Mods
If you’ve been using mods on GTA V, your computer might be at risk of a virus. The mods “Angry Planes” and “No Clip” have been found to contain a keylogger called “Fade.exe”. The presence of the malware was confirmed on and was first discovered on GTAForums, which also contains instructions on how to remove the virus from affected machines. Even if you haven’t installed these two specific mods, however, you should be careful and check your computer for a file called “Fade.exe” just to be safe.
15.05.15 - New Russian Hacks Target US Banks
Cybersecurity experts at root9B, staffed by veterans from the U.S. State Dept. and Dept. of Defense, have discovered that a powerful Russian cyber hacking group linked to Kremlin-backed cyber-espionage is making preparations for a large-scale attack on global banks.
14.05.15 - Cyber security cited as No1 risk to financial markets, says DTCC
Almost half of the respondents (46 per cent) to the Depository Trust & Clearing Corporation’s (DTCC) latest Systemic Risk Barometer Study cited cyber security as their top concern and 80 per cent of respondents rated it as a top five risk overall.
14.05.15 - Hackers drain money from Starbucks accounts linked to users’ credit cards
Hackers steal money from Starbucks mobile customers using linked credit cards, nearly 16 million customers who use the company app are at risk.
12.05.15 - Anonymous-tied DDoS botnet shows insecure routers are legion
Tens of thousands of home routers have been infected with malware, and are being used by hackers to launch distributed denial-of-service (DDoS) attacks, including by the hacktivist group Anonymous.
12.05.15 - Jamie Oliver website hit by malware for a third time
The website of British TV chef, Jamie Oliver has been hit for a third time by malware that potentially infects the computers of visitors to the site. It is the third attack on in four months. The security company that found the exploit, Malwarebytes says the attack, which redirects users to malicious software, is similar to the previous two. A spokesperson for Jamie Oliver said they were working "to find the issue".
12.05.15 - Breaking Bad Ransomware Hits Aussie PC Users
Security researchers are warning PC users in Australia to beware of new Breaking Bad-themed ransomware demanding up to $1000 AUD ($796 USD) to decrypt essential computer files. The attacks typically arrive in the form of a malicious zip archive which takes the name of a famous delivery firm as its file name, according to Symantec.
08.05.15 - Surgical robots hacked by researchers to alter commands and disrupt functions
Security vulnerabilities in surgical robots have been exposed by researchers, who hacked next generation systems to prove that they could be hijacked remotely. Researchers from the University of Washington (UW) carried out a series of cyberattacks on teleoperated (remotely operated) surgical robots using non-private networks.
07.05.15 - Criminalising hackers hurts security
"I often use ‘hacker' and ‘security researcher' interchangeably." So said cyber security expert Keren Elazari in an open interview with ITWeb on Twitter yesterday.
07.05.15 - £1.5 million investment in new cybercrime hub for East Scotland
Detective Superintendent Stevie Wilson. Credit: Steward Attwood, The Herald. A new hub to tackle the growth in cyber-crime is to be established in the East of Scotland.
07.05.15 - £1.5 million investment in new cybercrime hub for East Scotland
Detective Superintendent Stevie Wilson. Credit: Steward Attwood, The Herald. A new hub to tackle the growth in cyber-crime is to be established in the East of Scotland.
07.05.15 - DMU joins forces with Airbus Group to protect critical national infrastructure from cyber attacks
De Montfort University Leicester (DMU) has launched a research programme with Airbus Group to develop a new digital forensic capability for the Supervisory Control and Data Acquisition (SCADA) industrial control systems that underpin the UK’s critical national infrastructure.
07.05.15 - Cyber attack on Biznews: How it happened, why you could be next
In this special podcast, Alec Hogg talks to the CIO of Internet Solutions, Kovelin Naidoo. Internet Solutions were the pioneers of the Internet in SA. How many years ago, was that? That’s about 21 years ago, so we’ve come a long way.
07.05.15 - Top cyber attack vectors for critical SAP systems
SAP is run by over 250,000 customers worldwide, including 98 percent of the 100 most valued brands. Despite housing an organization’s most valuable and sensitive information, SAP systems are not protected from cyber threats by traditional security approaches.
06.05.15 - UK cyber security: insure against 'rapid, highly damaging and public' threats
Cyber attacks present a daily threat to UK businesses and have become more destructive in recent years with data breaches and hacks frequently making front page news. Consider the Sony Pictures hack following controversy over the film The Interview, the Kaspersky Labs $1bn cyber robbery or points stealing from British Airways' air-miles accounts. Data security has become a fundamental issue for companies and this raises the question: what can they do?
06.05.15 - Microsoft Word Intruder - the malware that writes new malware for you
Malware construction kits aren't new. Back in the early 1990s, for example, DOS-based tools such as VCL (Virus Creation Laboratory) and PS-MPC (Phalcon-Skism Mass Produced Code Generator) lowered the barrier of entry to virus "writing".
06.05.15 - Mobile threats on the rise, Q1 2015 report shows
Some of the most noteworthy findings in the Kaspersky Lab “IT Threat Evolution Report for Q1 of 2015” involve mobile devices, Patrick Nielsen, senior security researcher at Kaspersky Lab, told in a Wednesday email correspondence.
06.05.15 - Unlimited fines may now be imposed by UK Magistrates’ Court Data Protection offences
Since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 came into force 12 March 2015, the Magistrates’ Court has had the ability to impose unlimited fines for criminal offences under the Data Protection Act 1998 (‘DPA’). Under s.55 DPA, an individual can be convicted of a criminal offence if he or she obtains or discloses personal data without the consent of the data controller. Before 12 March, a £5,000 fine cap existed, but this has now been removed, allowing for fines of any amount to be imposed at sentencing.
06.05.15 - Is cyber-warfare really that scary?
On 7 December 1941, Japanese aircraft attacked the American naval base at Pearl Harbor, Hawaii. The attack was surprising, devastating, and drew the US into World War Two.
06.05.15 - Firms ‘at risk of data breach’
Irish companies are at risk of large-scale data breaches that could leave them open to significant liabilities, a legal expert has warned. Following a number of high-profile breaches in recent times, barrister Michael Vallely, who specialises in IT law, says companies here face similar risks.
05.05.15 - Bogus Hotel Booking Scams Cost Americans Millions
Hotel booking scams are on the rise partly because 1 in 3 vacations is set up online, with many hotel and airline reservations punched in on those tiny, hard-to-read smartphone screens.
1.05.15 - Fake "Account Locked" notices are delivering CTB-Locker
Active spam campaigns delivering fake notices about temporarily locked accounts have been spotted in the last few days delivering a deadly malware combination: the Dalexis downloader and the CTB-Locker (aka Critroni) ransomware.
30.04.15 - Police still 'ill-equipped' to deal with cyber-crime
Police are still playing catch-up with cyber-crime, and are particularly struggling with poor reporting, a lack of data and the InfoSec skills shortage, said Ian Maxted, safer cyber coordinator at the Gloucestershire Constabulary, at 44CON in London yesterday.
29.05.15 - Ryanair's been hacked for millions via Chinese bank
Ryanair has been targeted by hackers who have stolen nearly $5m (£3.25m) from the airline's bank account. The cash was taken from the budget airline by electronic transfer via a Chinese bank, the Irish Times reports. Ireland's Criminal Assets Bureau is investigating the crime, which took place last week, and is working with authorities in Asia.
29.05.15 - Facebook login system blocked by Great Firewall of China causing DDoS panic
Internet users in China have been unable to connect to a number of popular foreign websites over the last few days, apparently due to what security reporter Brian Krebs describes as a "screw-up" by government censors.
29.04.15 - Windows XP support deal not renewed by government, leaves PCs open to attack
The government has not renewed its £5.5m Windows XP support deal with Microsoft despite thousands of computers across Whitehall still running the ancient software, leaving them wide open to cyber attacks.
28.05.15 - Zombie apps haunt BYOD workplaces
According to a new study of around 3 million apps on employee smartphones, 5.2 percent of iOS apps and 3.9 percent of Android apps are actually dead, removed from their respective app stores and no longer supported. Every single enterprise studied had at least some zombie apps on user devices. These zombie apps can be harmful in a couple of ways, according to Domingo Guerra, president and founder at Appthority, the mobile app security company that did the research.
28.05.15 - Preparing for Warfare in Cyberspace
The Pentagon’s new 33-page cybersecurity strategy is an important evolution in how America proposes to address a top national security threat. It is intended to warn adversaries — especially China, Russia, Iran and North Korea — that the United States is prepared to retaliate, if necessary, against cyberattacks and is developing the weapons to do so.
27.04.15 - Cyber-security and why shipping needs to be worried
Cyber-security is fast becoming a hot-button issue in shipping, perhaps because it is one on the agenda everywhere. On 1 April US president Barack Obama signed an executive order authorising sanctions against malicious overseas hackers as well as companies that knowingly benefit from cyber-espionage. "Cyber-threats pose one of the most serious economic and national security challenges to the United States,” he warned.
24.04.15 -
A student who tried to cheat his way to a better degree by hacking into the university computers and changing his marks has been jailed. Imran Uddin, 25, who was studying science, bought keyboard spying equipment on the internet which he then connected to a number of university computers.
24.05.15 - CCTV in the Workplace survey finds 60% of employees fear “theft, physical attack and trespassers”
The CCTV in the Workplace survey questioned 1,017 UK workers and was carried out by independent research provider The Leadership Factor in January this year. Although the Government’s current CCTV network is outdated and hugely costly to local authorities, the views of the workers polled in the survey prove there’s a real need for effective CCTV solutions.
23.04.15 - Massive TalkTalk data breach STILL causing customer scam tsunami
A fresh wave of scammers appear to be targeting TalkTalk customers, following a massive data theft earlier this year, The Register has learned. In February, TalkTalk admitted to suffering a major breach into its users' sensitive information, which may have led to some customers handing over bank data to hackers. In an email to subscribers, the company said: "We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly."
23.04.15 - Cash register maker used same password – 166816 – non-stop since 1990
RSA 2015 Fraud fighters David Byrne and Charles Henderson say one of the world's largest Point of Sale (PoS) systems vendors has been slapping the same default passwords – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password. The enraged pair badged the PoS vendor by its other acronym, labelling it a "piece of shit" and heaping scatological scorn on a bunch of other borked sales systems. Fraudsters would need physical access to the PoS in question to exploit it by opening a panel using a paperclip.
23.04.15 - Update: Credit card terminals have used same password since 1990s
While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password. The vendor wasn't named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816.
23.04.15 - Trust in council data security 'dangerously low', finds poll
Almost a third of people don’t trust their council to protect personal data online, with outsourcing raising key concerns - a poll has revealed. A survey of 2,000 Britons found less than one in 10 believe local authorities are well equipped to deal with a cyber attack while 31% have no faith in their town hall to guard important information.
22.04.15 - Twitter's new anti-abuse filter hides harassing tweets from your mentions
Twitter is cracking down on abusive accounts, announcing an updated violent threats policy, as well as a new filter that could block threatening messages before they are even seen by the intended victims. The move comes after leaked internal memos from CEO Dick Costolo back in February showed the social network thought it should be doing more to reduce trolling on the service.
22.04.15 - Costa Coffee Club warns of possible database intrusion
A Naked Security reader just sent us a "possible breach" warning he received. This one's from the Costa Coffee Club, a loyalty programme from Costa, a UK franchise that runs a chain of... guessed it, coffee shops. The loyalty card is of the conventional sort: you get 5p of credit to use in-store for for every pound you spend.
21.05.15 - Stolen CentCom computers were found on eBay
A CentCom official ordered an inventory, putting it in the hands of a Riverview man who now admits to being the thief. Scott Duty's signed federal plea agreement spells out those details and more, in anticipation of a hearing next month in which he is expected to plead guilty to stealing government property.
20.04.15 - Institutional investors back away from hacked businesses
KPMG’s survey of global institutional investors found that 79% of investors would be discouraged from investing in a business that has been hacked. The research surveyed 133 institutional investors with more than USD $3 trillion under management. Malcolm Marshall, global head of KPMG’s cyber security practice, says: ‘Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.’
16.04.15 - Infosec taking the strain as threats evolve and skills gap widens
Analyst forecasts of a 1.5 million shortfall of information security professionals by 2020 come amid reports of rising salaries, an ageing workforce and the inability to fill existing positions.
16.04.15 - Dropbox users continue to unwittingly leak tax returns and other private data
Readers with good memories will recall a worrying privacy hole was found in Dropbox after publicly accessible links to private personal information stored on the service leaked out to unauthorised users.
16.04.15 - Target announces $19 million data breach settlement with MasterCard
(Reuters) - Target Corp (TGT.N) said it had agreed to reimburse about $19 million (13 million pounds) to financial institutions that had issued MasterCard-branded cards that were a part of the massive data breach at the retailer in 2013.
16.04.15 - APT group hacks cyber-spy gang in spy-on-spy pwnage
Cyber-spy groups, whose numbers are growing with little constraint, have begun hacking each other. Hellsing, a small and technically unremarkable cyber-espionage group, was subjected to a spear-phishing attack by another threat actor last year, before deciding to strike back with its own malware-infected emails. The aftermath of the dust-up was uncovered by security researchers from Kaspersky Lab, who estimate further incidents along the same lines are likely.
15.04.15 - UK law firms investigated 187 times for data protection breaches
UK law firms were investigated 187 times by the Information Commissioner in 2014 for possible breaches of the Data Protection Act (DPA), a Freedom of Information (FoI) data by encryption firm Egress Software Technologies has revealed. It might be assumed that legal firms would be especially careful with personal data but that didn’t stop 173 firms generating the heavy caseload for the ICO.
15.04.15 - There's TOO MANY data-leaking healthcare firms, growls Symantec
Security software company Symantec is being drenched in calls from breached health organisations that have lost devices or suffered an information security snafu.
15.04.15 - Britain hit hard as cyber-attacks rise 40 percent
Around five in six large organisations were subject to some form of cyber-attack in the past year and things look set to get worse, says the latest Internet Security Threat Report from Symantec.
15.04.15 - Banks hide cyber crime losses, says City of London Police
Banks are obscuring the true amount of money lost to cyber fraudsters preferring to write off cyber incidents as losses, according to the City of London Police. Banks assess the losses sustained from customers leaving, because of security fears, greater than covering the cost of cyber crime.
14.04.15 - Global cyberattacks on big business up 40 percent in 2014
Cyberattacks and cybercrime against large companies rose 40 percent globally in 2014, according to Symantec's annual Internet Security Threat study published Tuesday. Five out of every six large companies – those with over 2,500 employees – were targeted with spear-phishing attacks or e-mail fraud in 2014, up 40 percent on year, the report showed. Attacks on small- and medium-sized companies, which accounted for 60 percent of targeted attacks, increased 26 and 30 percent, respectively.
14.04.15 - Security risk potential linked to young, mobile users
Wireless supplier Aruba Networks has warned enterprises to take action to secure their corporate networks after publishing a mobile security risk report that found CIOs are unprepared for the impact of the high-risk, security-agnostic Generation Mobile workforce.
12.04.15 - Cyber-defence to be integral to Nato capabilities
Cyber-defence has to become an integral part of military capabilities, said General Sir Richard Barrons, Commander of Nato's Joint Forces Command, during a visit last week to the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence on Friday.
10.04.15 - Europol leads takedown of Beebone botnet
In a move that reflected the level of co-operation between anti-malware forces, Europol's European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT), the FBI, the National Cyber Investigative Joint Task Force- International Cyber Crime Coordination Cell (IC4), ShadowServer, Kaspersky and Intel Security all joined forces under the control of the Dutch National High Tech Crime Unit. Brian Honan, of security consultants BH Consulting said the way the takedown was orchestrated was a model for the future. “There was an exceptionally high level of co-operation, something that can be difficult to achieve.”
02.04.15 - Smart home hacking is easier than you think
Scary stories of hacking Internet of Things devices are emerging, but how realistic is the threat?
02.04.15 - Tor Wants to Know How to Make the Darknet Mainstream
For many, Tor is synonymous with its hidden services, the encrypted and anonymous .onion websites that make up the darknet. Silk Road used to be one, and Facebook even set up its own hidden service last year. Despite this, the Tor Project estimates that just 4 percent of all traffic on the network goes to its dark web sites.
01.04.15 - Deepnet: is the “dark web” good or evil?
The worldwide web wasn’t really designed, as such – it grew out of itself and so privacy was never really a massive consideration. In part as a result, it exists on different levels.
31.03.15 - Government scolded over another immigration data leak. But Privacy Commissioner say he's happy with preventative measures.
The federal opposition has accused the Immigration department of contravening data breach disclosure guidelines and developing a reputation for poor data protection after a staff member was revealed to have emailed the personal details of world leaders to the wrong recipient.
31.03.15 - Universities need to plug into threat of cyber-attacks
Desirable research plus students’ personal and financial details make universities a juicy target for cyber-criminals. But are they doing anything about it?
31.03.15 - DDoS losses potentially £100k an hour, survey shows
Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of £100,000 or more an hour at peak times, a survey by communications and analysis firm Neustar has revealed.
31.03.15 - Security services in 'technological arms race' with cyber criminals, warns MI6 chief
Law enforcement and government intelligence agencies are engaged in a "technological arms race" with cyber criminals and terrorists whose methods are "unconstrained by consideration of ethics and law", the head of MI6 has warned.
30.03.15 - Serious Fraud Office fined £180,000 for BAE data breach
The Serious Fraud Office (SFO) has been fined £180,000 after thousands of confidential documents from a high-profile bribery investigation were mistakenly sent to the wrong person.
30.03.15 - Pension data 'sales' investigated by watchdog
An investigation has been launched into claims the details of millions of people's pensions are being sold to fraudsters and cold-calling firms.
30.03.15 - Law firms are a hacker’s “treasure trove”
Large law firms have been identified as a prime target for hackers and organised criminal gangs (OCGs) as their databases are seen as repositories of company secrets, business strategies and intellectual property.
30.03.15 - G20 world leaders' data emailed to football organisers
The passport numbers and visa details of 31 world leaders were accidentally emailed to the organisers of the Asian Cup in Australia before the G20 summit in Brisbane in November 2014
29.03.15 - British Airways customers hacked: Accounts of frequent flyers frozen after thousands victim of security scare
Air miles accounts have been frozen but airline says no personal information viewed or stolen
27.03.15 - Cyber Attacks Fuel Security Innovations
The increasing number of connected devices is multiplying the probability of cyber attacks against organizations across all sectors, from manufacturing to entertainment, to government agencies. The flurry of attacks is compelling organizations to adopt security solutions that secure computing resources, information, networks, and applications. Frost & Sullivan has conducted analysis on efforts to shore up security and finds that increased vulnerabilities are prompting innovations in security tools. The emerging security solutions are directed toward fortifying sophisticated technologies such as cloud computing, big data, wireless communication, and the Internet of Things (IoT).
27.03.15 - Employers will not breach data protection when checking driving licences online, says ICO
Fleet managers have been assured that no offence under the Data Protection Act will be committed by their employers when accessing employees’ driving licence records held by the Driver Vehicle and Licensing Agency (DVLA). The Information Commissioner’s Office (ICO) has given the green light to ACFO, the UK representative body for fleet decision-makers, amid concerns raised by some fleet managers over the interpretation of Section 56 of the Data Protection Act 1998.
27.03.15 - UK gov't launches hackathon for next-gen cybersecurity specialists
The UK government is launching a hackathon to bring together the next generation of cybersecurity specialists to explore today's security issues. Announced on Thursday, the three-day hackathon is designed to bring together 50 students to "work together on ideas designed to tackle the cybersecurity issues facing businesses and critical infrastructure providers." The participants, plucked from 13 UK universities labeled as "Academic Centres of Excellence in cybersecurity research," will be given hands-on training, tutorials and advice throughout the event.
27.03.15 - Zero Day Weekly: China leads global cyberattacks, Dell malware risk, air gap hacking
Akamai: A majority of the Internet attack traffic in 2014's fourth quarter originated in China, followed by the U.S., according to cloud service provider Akamai. China and the U.S. were the only countries where more than 10 percent of attack traffic originated. Still, the attack traffic coming from China was down compared to the third quarter, falling to 41 percent from 49 percent. Attack traffic coming from the U.S. also fell, decreasing to 13 percent from 17 percent.
26.03.15 - Router Hack Inserts Ads And Porn Into Websites
Fraudsters are using hijacked router DNS settings to intercept Google Analytics tags and replace them with pornography and adverts. This is the warning from security experts Ara Labs Security Solutions, which discovered the router hack which is injecting third party content into random websites.
26.03.15 - World of Warcraft Gamers Targeted by Ransomware Teslacrypt Virus
Scottsdale, AZ -- (ReleaseWire) -- 03/26/2015 -- A new malware program attempts to extort money from gamers by encrypting game saves and other user-generated files for popular computer games. The threat is now targeting WoW gamers through game saves, maps, profile and other custom content.
26.03.15 - Eurovision app servers attacked
In this month's Eurovision qualifier, which drew 3.7m viewers, there was a suspicious fault with the polling process that led to all votes cast in a certain part of the programming schedule being deleted.
26.03.15 - Survey: 75% of firms would take hours or longer to spot breach
Although 68 percent of companies said they are prepared for a breach, 75 percent estimated it would take hours, days, or weeks for them to notice that one had occurred, according to a new survey released this morning.
24.03.15 - Post-hack, Twitch users told to reset passwords… but they don’t have to make them too long
Video game streaming service Twitch posted a security alert yesterday, announcing that hackers had compromised its systems and users’ personal details may have been exposed. An email sent out to some users, described the type of information that online criminals may have been able to access:
23.03.15 - How to tell if you've been hacked
According to the UK Government’s 2014 cybersecurity survey, 81% of large businesses have suffered malicious data breaches. That suggests almost one in five didn’t. But how can those companies be sure? Working out whether you’ve been hacked by cybercriminals is like leaving your diary in your bag while you visit the bathroom. When you get back, everything might still be in your bag, but you can’t be certain that no one sneaked a peek.
20.03.15 - 90 Percent of IT Pros Worry About Public Cloud Security
A recent Bitglass survey of more than 1,000 IT and IT security practitioners found that one third of respondents have suffered more security breaches with the public cloud than with on-premise applications.
20.03.15 - Facebook found leaking private photos
Bug hunter Laxman Muthiyah has reported a Facebook vulnerability that exposes private photos to potentially malicious applications. The hacker received US$10,000 from Menlo Park for reporting the bug in Facebook Photo Sync and an API that allows third party apps to siphon private pics. Muthiyah says iOS and Android apps that contain a user_photos permission could prior to the patch nab photos by simply residing on a victim's device.
20.03.15 - Will Ford and Tesla's wireless updates pose a security threat to drivers?
Wireless updates like those promised by Tesla and Ford could pose a major threat to car security, security experts have warned. Allowing drivers to download apps and customise their cars gives hackers a gateway to manipulate internal car systems through malware or 'man-in-the-middle' attacks.
20.03.15 - Drupal SQL injection vulnerability attacks persist, despite patch release
Nearly six months have passed since a major Drupal SQL injection vulnerability was disclosed, and yet attackers are continuing to try, sometimes successfully, to exploit websites that have failed to update their systems.
20.03.15 - H4cked off: Is Eugene Kaspersky 'in bed' (or the sauna) with the Russian government? Derr, of course he is
ndeed, quite literally, they say he is in the sauna with them – once a week, apparently with his old pals at the agency to which he once belonged. The implication is that behind the closely cropped beard lurks a shifty, untrustworthy frontman, while the more direct accusation is that Kaspersky Labs turns a blind eye to all the nefarious malware that may or may not be pumped out by the Russian state. Can you trust this shadowy company to analyse your email – your most private communications?
19.03.15 - Target poised to settle breach for $10 million
MINNEAPOLIS – Target Corp. is poised to settle a class-action lawsuit filed following the retailer's massive data breach in 2013, court documents filed Wednesday in Minnesota show. A $10 million dollar fund will be established for victims of the breach, the 97-page settlement says.
19.03.15 - GoDaddy accounts vulnerable to social engineering and Photoshop
On Tuesday, my personal account at GoDaddy was compromised. I knew it was coming, but considering the layered account protections used by the world's largest domain registrar, I didn't think my attacker would be successful.
18.03.15 - Cisco posts kit to empty houses to dodge NSA chop shops
Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says. The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers. The interception campaign was revealed last May. Speaking at a Cisco Live press panel in Melbourne today, Stewart says the Borg will ship to fake identities for its most sensitive customers, in the hope that the NSA's interceptions are targeted.
18.03.15 - Apple and Google freak out as SSL flaw hits thousands of apps
New research from FireEye reveals that both platforms remain vulnerable as they run flawed versions of the OpenSSL library that is baked into both operating systems – meaning that an attacker could potentially carry out a Man-in-the-Middle (MiTM) attack to intercept any kind of data app transmit, such as health and fitness, medical, login credentials, credit card details, emails, text and photos.
18.03.15 - Premera hack exposes 11 million financial and medical records
US health insurance firm Premera Blue Cross has revealed its IT systems were breached, exposing the financial and medical records of 11 million customers. Premera Blue Cross said it discovered cyber attackers breached its systems in January 2015. An investigation showed the first attack took place in May 2014.
17.03.15 - UK firms horribly unprepared for data breach response
On Tuesday, BlueCoat and Experian released independent reports which painted a bleak picture of UK firms' information security practises, finding in particular that companies didn't have appropriate incident response plans, or carry out appropriate risk and security assessments.
17.03.15 - N. Korea behind nuke power plant data leakage: investigators
SEOUL, March 17 (Yonhap) -- North Korea is believed to be linked to a series of recent data leaks from South Korea's nuclear power plants, investigators said Tuesday. Late last year, an unidentified hacker posted blueprints of nuclear power plants and threatened to destroy the facilities while demanding they be shutdown. Last week, the hacker posted more files on Twitter that included documents concerning the country's indigenous advanced power reactor 1400, while demanding money.
15.03.15 - Yahoo unveils sneak peek at end-to-end email encryption plugin
After the company was thrown under the bus by the National Security Agency surveillance disclosures, Yahoo is following up on its promise to fight back. At SXSW festival in Austin, Texas, Yahoo chief information security officer Alex Stamos confirmed the company will introduce end-to-end encryption to its Yahoo Mail service by the end of this year.
13.03.15 - Google error leaks website owners' personal information
A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private. The privacy breach involves whois, a database that contains contact information for people who've bought domain names. For privacy reasons, people can elect to make information private, often by paying an extra fee.
13.03.15 - Google privacy breach caused by a software defect
Expert at Cisco discovered a privacy breach caused by a software problem, which exposed personal information of users that opted for privacy setting. A software problem occurred at Google have exposed personal information of users that registered their website and had chosen to keep their profile private.
13.05.15 - Adobe issues patches for 11 critical vulnerabilities in Flash Player
Adobe has issued patches for security vulnerabilities in Flash Player -- 11 of which are deemed critical. On Thursday, Adobe issued its latest set of security updates for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the software giant.
13.03.15 - Attackers spread worm via Facebook, leverage cloud services
Facebook users who clicked an link in a post promising pornographic content may have become infected with a worm – believed to belong to the Kilim family – that then spread the same link to all of their contacts and groups, according to a Thursday post by Malwarebytes.
13.03.15 - 'TeslaCrypt' holds video game files hostage in ransomware first
Online gamers are no longer spared the wrath of crypto-ransomware, with a recently discovered attack encrypting game files, as well as iTunes files.
13.03.15 - Private WHOIS data disclosed for hundreds of thousands of Google Apps domains
A software defect in Google Apps's domain registration system, has exposed the private WHOIS information of 94 percent of the nearly 306,000 domains registered via Google App using eNom, according to a blog post by researchers at Cisco Talos, who discovered the glitch while exploring another research project.
12.03.15 - Report: 71 percent of orgs were successfully attacked in 2014
The number of successful cyber attacks against organizations is increasing, according to the “2015 Cyberthreat Defense Report” from CyberEdge Group, which surveyed 814 IT security decision makers and practitioners from organizations – in 19 industries – across North America and Europe
12.03.15 - UK surveillance 'lacks transparency', ISC report says
The legal framework surrounding surveillance is "unnecessarily complicated" and "lacks transparency", a Parliamentary committee says. The Intelligence and Security Committee (ISC) report also says there should be a single law to govern access to private communications by UK agencies. Its inquiry has considered the impact of such activities on people's privacy.
12.03.15 - Malware “TreasureHunter” innovates by using windows products IDs for its dynamic mutex
A new approach based on windows products IDs for dynamic mutex could allow the creation of new malware running undetected on systems for much more time. Before talking about “TreasureHunter” itself, I think it’s worth to give you a background about mutex and as Microsoft says: “For example, to prevent two threads from writing to shared memory at the same time, each thread waits for ownership of a mutex object before executing the code that accesses the memory. After writing to the shared memory, the thread releases the mutex object.”
12.03.15 - Did GCHQ crack encryption? Parliament's security committee suggests GCHQ can read encrypted communications
Today's report from Parliament's Intelligence and Security Committee has suggested that GCHQ has broken computer encryption systems and is able to read messages that ought to be secure.
10.03.15 - Rowhammer Hardware Exploit Poses Threat to DRAM Memory in Many Laptops, PCs
Software, from web apps, to operating systems to firmware, has been abused and exploited every which way from Sunday for decades by both researchers and attackers. Now, it is hardware’s turn in the spotlight, as researchers have published details of a new method for exploiting a problem with some DRAM memory devices that can allow attackers to get low-level access to target machines.
10.03.15 - Banning Tor unwise and infeasible, MPs told
A ban on online anonymity networks would be "technologically infeasible" and unwise, MPs have been told. Parliamentary advisers said networks such as Tor could be used for criminal ends but also in the public interest.
04.03.15 - China and US clash over software backdoor proposals
Beijing has rejected President Obama's criticism of its plan to make tech companies put backdoors in their software and share their encryption keys if they want to operate in China. On Monday, Mr Obama told the Reuters news agency he had "made it very clear" China had to change its policy if it wanted to do business with the US.
03.03.15 - Secret Service: Cybercrime ‘Skimming’ Cases on the Rise in North Carolina
The U.S. Secret Service says “skimming,” a cybercrime which targets automatic teller machines and gasoline pumps and the people who use them, is on the rise in the Charlotte, N.C., area. The Charlotte Observer reports that the Secret Service reports that since October, it has investigated 11 skimming incidents involving at least nine suspects, in a region spanning from Greensboro to Asheville. Most cases have been in Charlotte
02.03.15 - Tor Users Must Now Provide A Phone Number To Open A New Twitter Account
Twitter last week announced plans to begin tracking troublesome users via their mobile phone number. Along those lines, it has begun forcing users of anonymous web browser Tor to provide a number in order to open a new account. Update: A Twitter representative told TechCrunch that the company has not made specific changes to the registration process for Tor browser users.
02.03.15 - Data breach from University of Limerick student village
HE bank account details and PPSN numbers of over 350 residents at the University of Limerick’s Kilmurry Student Village were leaked to the public earlier this month. On the evening of Friday, February 6, an email with an attachment containing the bank account details, including Sort Codes, BIC numbers and IBAN numbers, along with account holder names, bank addresses and PPSN numbers of 363 residents was sent to a student. The student then passed the information onto a family member. The leak was discovered three days later, on February 9, by Plassey Campus Centre, a UL subsidiary company that manages Kilmurry Student Village.
02.03.15 - LinkedIn Settlements: Data Privacy Concerns and Class Actions
Data Security and Privacy are major concerns (and hot topics) in the legal world. Big names like Target, Home Depot, and more recently Anthem Insurance have all had their security breached and sensitive customer information compromised, and there have been significant litigious consequences for these companies.
02.03.15 - Islamic State threatens Twitter staff in online post
Twitter employees and co-founder Jack Dorsey are being threatened by people who claim to support Islamic State. In an online post jihadists around the world are called upon to attack and kill Twitter staff over the company's efforts to block and ban Islamic State messages.
02.03.15 - Security cameras that would have filmed Boris Nemtsov shooting were 'turned off for repairs'
Security cameras that would have filmed the shooting of Russian opposition leader Boris Nemtsov were turned off for repairs at the time, according to local media reports. The claims come amid conflicting reports about whether footage of the killing exists. Sources at the country’s Interior Ministry say there was no CCTV footage of the killing because the cameras in question were not working, according to the Kommersant newspaper.
02.03.15 - GCHQ experts to teach university students about ethical hacking, penetration testing and security networks
British spy agency GCHQ is looking to attract the cream of the crop of budding computer scientists to attend a new summer school in which its own experts will teach students about ethical hacking, penetration testing and security networks.
02.03.15 - Research: 84 percent more concerned about security and privacy in 2015
Security and privacy are top concerns for many IT professionals, and it's especially relevant now, after 2014's highly publicized data breaches. Because of the constant concerns about security and privacy, Tech Pro Research, ZDNet's premium content sister site, conducted a new survey on the topic and compared the results back to a previous survey from 2013.
27.02.15 - Facebook explains when employees can access your account without your password
Earlier this week, Paavo Siljamäki, director at the record label Anjunabeats, told a very interesting story about an interaction with a Facebook engineer logging into his account without entering his account credentials. We got in touch with Facebook to learn when exactly the company’s employees can perform such actions.
27.02.15 - TalkTalk: 'Hackers stole customers' personal details – two months ago'
TalkTalk has finally confirmed in an email to customers that their personal details were compromised in a successful hack perpetrated at the end of last year. Personal data stolen from TalkTalk in the attacks included names, addresses, phone numbers and account numbers. Furthermore, the company has admitted that the information has been used in cases of attempted identity theft with scammers using the data to try and get bank account, credit card details and other information from customers.
26.02.15 - Europol, Microsoft and Symantec take down Ramnit botnet
The Ramnit botnet, which had infected 3.2 million computers around the world, has been taken down in a coordinated joint international operation by Europol's European Cybercrime Centre and a number of high-profile internet and web security firms. Ramnit was used by cyber criminals to gain remote access to computers, infecting them by disabling anti-virus protection and enabling the theft of personal details including banking information and passwords.
26.02.15 - State breakdowns: Anthem breach by the numbers
While a whopping 78.8 million consumers may have had personal information viewed by “hackers who had accessed our database,” an Anthem spokesperson confirmed in a statement emailed to on Thursday, about 60 to 70 million individuals are current or former Anthem members.
26.02.15 - Google steps up its BYOD game; looks to secure more than a billion mobile devices
On Wednesday, Google officially launched Android for Work, which was announced last June at its I/O conference. The aim is to offer businesses a stopgap that addresses BYOD needs, including secured access to sensitive data and OS fragmentation. There are more than a billion people using an Android device right now, and a good portion of them are on the corporate network somewhere in the world. Each day these employees manage their workloads on the same device they use for social media, dating, and entertainment.
26.02.15 - Botnet of Joomla servers furthers DDoS-for-hire scheme
Researchers have uncovered a distributed denial-of-service (DDoS) attack campaign that takes advantage of Joomla servers with a vulnerable Google Maps plug-in installed. Akamai's Prolexic Security Engineering & Research Team (PLXsert) worked with PhishLabs' Research, Analysis, and Intelligence Division (R.A.I.D) to analyze malicious traffic coming from multiple Joomla websites, a threat advisory (PDF) issued Wednesday said.
25.02.15 - ICO fines hacked insurance firm £175,000
The Information Commissioner's Office has handed out a £175,000 fine to after the insurance company's data breach last year, which saw an unidentified hacker compromise 5,000 customers and access up to 110,000 live credit card details. Following the breach in October, the ICO has investigated the company's IT security practises and found that hackers had potential access to up to 110,000 live credit card details – including the three-digit security numbers (which should not be stored) – as well as customer medical records.
25.02.15 - Gemalto: NSA and GCHQ probably did hack us, but there was no massive leak of encryption keys
SIM card maker Gemalto has confirmed that its network was hacked - probably by the NSA and GCHQ - but said the breach could not have resulted in a massive theft of encryption keys. A story published by The Intercept - based on documents from NSA-contractor-turned-whistleblower Edward Snowden - claimed that a team made up of NSA and GCHQ staff hacked into Gemalto's network to try steal encryption keys used to protect the privacy of mobile communications. The attack is particularly noteable in that Gemalto was not the final target: the target was the users of mobile phones which used its technology, and raises questions about the behaviour and methods of the intelligence services.
25.02.15 - Malware on Lime Crime website, payment cards compromised
Cosmetics company Lime Crime is notifying an undisclosed number of customers that unauthorized access was gained to its website server and malware designed to intercept customer data, including payment card information was installed – from October 2014 to February. How many victims? Undisclosed. What type of personal information? Names, addresses, card account numbers, expiration dates, security codes and Lime Crime website usernames and passwords.
25.02.15 - Bug in popular WordPress plugin opens up websites to SQL injection attacks
A popular WordPress plugin that has more than 1.3 million downloads contains a vulnerability that can be exploited to perform SQL injection attacks against vulnerable websites, according to researchers with Sucuri, who consider the issue to be a very high security risk. The vulnerability exists in versions 3.9.5 and lower of the Slimstat web analytics plugin for WordPress, Marc-Alexander Montpas, senior vulnerability researcher with Sucuri, wrote in a Tuesday blog post. He urged all users to upgrade to version 3.9.6 immediately due to the severity of the issue.
25.02.15 - Not even GCHQ and NSA can crack our SIM key database, claims Gemalto
SIM card manufacturer Gemalto has given more details of what it understands is behind the reports that GCHQ and the NSA got their mitts on the encryption keys for its SIM cards. As we reported earlier, the company says it detected intrusions and prevented them, and that at no time were the systems which held information on the keys penetrated. If an intercept took place, it would have been when an actor listened into Gemalto's comms, the firm claims.
24.02.15 - Business disruption cyber attacks set to spur defence plans, says Gartner
By 2018, 40% of large organisations will have formal plans to address aggressive cyber-security business disruption attacks, up from 0% in 2015, according to research firm Gartner. Business disruption attacks require a higher priority from chief information security officers (CISOs) and business continuity management (BCM) leaders, the Gartner said.
24.02.15 - California dentist announces theft of server containing patient information
The office of a dentist in California, Cathrine Steinborn, was burglarized and a server containing patient and responsible party information – including Social Security numbers – was stolen. How many victims? Undisclosed. What type of personal information? Names, addresses, dates of birth, telephone numbers, Social Security numbers, dental and/or medical insurance information, health background information, treatment information, and billing information.
24.02.15 - Breach affects 10K motorists in U.K.
Nearly 10,000 motorists in the U.K. could be impacted by a breach that exposed details of their parking tickets online. A backdoor into a database belonging to, which has reportedly collected parking fines for two decades and is linked to the Driver and Vehicle Licensing Agency (DVLA) database, allows the public to access information, including names and addresses, according to a report by Sky News.
24.02.15 - Businesses should not wait for EU data protection law, says PwC lawyer
Businesses waiting for the EU General Data Protection Regulation (GDPR) before taking action have already missed the boat, according to partner at PwC Legal, Stewart Room. Versions of the new European Union data protection regulation to replace the outdated 1995 directive have been approved by the European Commission and the European Parliament.
24.02.15 - CISOs: Our Organizations are Wide-Open for Cyber-Terrorism
A majority of CISOs foresee cyber-terrorism and cybercrime posing significant risks to their organizations over the next three years. The Global Megatrends in Cybersecurity 2015 survey from the Ponemon Institute found there to be a disturbing lack of resources and a critical disconnect between CISOs and senior leadership at work. In and of themselves, these points are new issues, but against the growing threat landscape, the fact that they are preventing companies from adequately addressing cybersecurity threats will have real consequences.
23.02.15 - BT Tower hosts simulated cyber-attack
The London BT Tower, probably the most high profile communications target in the UK, whose public gallery was closed to avoid terrorist attack, was the venue for a simulated cyber-terrorist strike on Saturday, testing the ability of amateur contestants to win back control of a large building's power supply from hackers. The cyber-attack simulation mimicked sophisticated cyber-crime groups using Heartbleed and Shellshock type cyber-attacks. Defence efforts using crime-fighting tools ranging from cryptography to advanced penetration testing packages such as Kali-Linux, were assessed by experts from organisers Raytheon UK, as well as GCHQ, the National Crime Agency, BT, C3IA and Airbus Group
23.02.15 - Leaky battery attack reveals the paths you walk in life
More than 100 mobile apps leak users' location regardless of whether they opt to keep the information private, according to researchers. Power consumption data is the source of the leaks, which make it possible to determine users' whereabouts with 90 percent accuracy. A quartet from Stanford University and Israeli defence contractor Rafael developed an app called PowerSpy to demonstrate the leak.
23.02.15 - Parents ‘want kids taught digital skills’
Parents ‘want kids taught digital skills’ More three quarters of Australian parents think that digital skills and computer programming should be integrated into school curriculums, says the AIIA. The Australian Information Industry Association (AIIA) has published a Digital Skills and Careers Report, in collaboration with National ICT Australia (NICTA) and the Australia Computer Society (ACS). The research was conducted by Newspoll.
23.02.15 - Organisations address virtual server backup but disaster recovery top priority in 2015
UK IT departments are increasingly able to say “job done!” when it comes to virtual server backup. At the same time, the number of disaster recovery, cloud storage and solid-state flash storage deployments continue apace. Those are the findings of the IT Priorities Survey for 2015, which questioned 111 UK IT professionals about their planned IT spending priorities for 2015.
23.02.15 - UK businesses' IT services better off in India than the cloud
UK businesses have yet to be convinced of the benefits of cloud computing, we continue to outsource the IT, according to a major global survey by KPMG. The annual Service provider and performance satisfaction study from KPMG looked at 2,100 global contracts worth £7.8bn, including 313 the UK. 44792_KPMG.jpg According to the study, 71% of UK businesses only spend 10% – or even less – of their IT budget on cloud services. Most are still outsourcing the traditional way, with India the favourite destination for IT services, according to 51% of UK companies. Poland was the next favourite with South Africa, both preferred by 8%.
23.02.15 - Legacy vulnerabilities easy route for hackers
Legacy vulnerabilities in older code are becoming increasingly big risks to corporations as attackers are zooming in on unpatched and largely forgotten issues, according to HP's Cyber Risk Report. HP's report highlights that push and pull between Google and Microsoft over vulnerabilities. Google has outed Microsoft issues before it could issue a fix to customers. However, Google's point is that Microsoft needs to step up the pace.
23.02.15 - Gemalto: Our SIM cards are secure, despite NSA hack claim
SIM card maker Gemalto has said its products - which are used in mobile phones, bank cards, and passports - are secure, despite claims that the NSA and GCHQ hacked its network to steal encryption keys in an attempt to eavesdrop on mobile phone conversations around the globe. A story published by The Intercept - based on documents from NSA-contractor-turned-whistleblower Edward Snowden - claimed that a team made up of NSA and GCHQ staff hacked into Gemalto's network to steal encryption keys used to protect the privacy of mobile communications by billions of people.
21.02.15 - Lenovo admits security issues with Superfish, releases removal tool
After playing a dead bat and attempting to push the perception that Superfish was not a security concern, Lenovo has admitted that it was caught napping on the security implications of preloading a piece of adware that installed its own self-signing man-in-the-middle proxy service that hijacked SSL/TLS connections. "We did not know about this potential security vulnerability until yesterday," Lenovo said in a statement released on Saturday, Sydney time. "We recognise that this was our miss, and we will do better in the future. Now we are focused on fixing it."
20.02.15 - US and UK accused of hacking Sim card firm to steal codes
US and British intelligence agencies hacked into a major manufacturer of Sim cards in order to steal codes that facilitate eavesdropping on mobiles, a US news website says. The Intercept says the revelations came from US intelligence contractor turned whistleblower Edward Snowden
19.02.15 - Wearables Evolving to Combine Fashion and Function
The intersection of fashion and fitness is the new frontier of wearable technology, a panel of fashion designers and tech experts said at the FastA/W15 event during MADE Fashion Week in New York City. The wearables market, which is quickly expanding, is well on its way to marrying smart tech with fashion. According to Gartner, 30 percent of smart wearable devices will be inconspicuous to the eye by 2017. But as developers and designers continue to make progress, the industry still has its challenges.
13.02.15 - Barack Obama to host cyber crime summit in Silicon Valley
US president Barack Obama is to meet representatives of the world’s largest companies, the US Secret Service, the FBI and the UK’s National Crime Agency today (13 February 2015) to discuss how to tackle cyber crime. The meeting follows a bad year for information security with several high-profile data breaches in the US and comes amid growing fears of the global economic impact of cyber crime estimated at around $445bn a year.
13.02.15 - 16 million mobile devices hit by malware in 2014: Alcatel-Lucent
French telecommunications equipment company Alcatel-Lucent has published a report compiled by its Motive Security Labs division, which found that malware infections in mobile devices increased by 25 percent in 2014, compared to a 20 percent increase in 2013. According to Alcatel-Lucent, the current malware infection rate for mobile devices stand at 0.68 percent, a figure which the company's Motive Labs used to estimate that around 16 million devices worldwide were likely to have been infected by malicious software as at the end of 2014.
12.02.15 - Mobiles and POS systems to top cyber hit list, says Verisign
Cyber-criminals will ramp up attacks on mobile devices and point of sale (POS) systems, according to the 2015 cyber trends and threat analysis by Verisign iDefense Security Intelligence Services. This is one of 10 predictions made by the iDefense analysis to help cyber security and business operations teams plan their response to the most critical cyber threats and trends affecting their enterprises.
12.02.15 - Scottish companies warned over 'insider threats'
Scottish companies are being warned to do much more to tackle the threat posed to their security by "corrupt and careless" employees. The warning will be made at Scotland's first national Insider Threat conference, organised by the Scottish Business Resilience Centre (SBRC). The event will hear that 85% of fraud is committed by past and present staff.
12.02.15 - Cyber attack takes down Dutch government sites
A cyber-attack took down most of the Dutch government's websites on Tuesday, it has been confirmed. The attack, which also took down some private sites, highlighted the vulnerability of public infrastructure. It came as the US beefed up its defences, and followed warnings that sites belonging to the French authorities had been targeted. Dutch MPs demanded that the government ensures state sites were capable of withstanding similar attacks in future.
12.02.15 - Forbes 'watering hole' attack the work of Chinese state cyber espionage, claim researchers
A "watering hole" attack on, one of the world's most popular news websites, which exploited zero-day vulnerabilities in Adobe Flash, was the work of Chinese state espionage organisations, according to an analysis by security services company iSight. Following the attack, which lasted from 28 November to 1 December last year, the company claims that US defence contractors and financial services companies were subsequently attacked as a result.
11.02.15 - DDoS attack leaves Dutch websites offline for hours
People in the Netherlands with government-related business to take care of would probably agree that yesterday was not the best of days to do it. In what initially appeared to be a simple glitch, all Dutch government websites went down on Tuesday morning, only coming back up more than twelve hours later. Initially, it was thought that the cross-site outage was related to problems with the fibre broadband network, since, as well as the government websites, several other big Dutch sites went down - and they were all hosted by the same company, Prolocation.
10.02.15 - Rise of the machines: Samsung TVs are spying on you, hacked vehicles put 'our lives at risk'
Samsung has admitted that its voice-activated Smart televisions may be able to record sensitive information from users, while fresh fears have arisen that security weaknesses in Internet of Things-equipped vehicles may leave them wide open to software hacks. The small print in the privacy policy in models of Samsung's Smart TVs that feature voice activation reveals that the devices may record background conversations between commands and that this data is sent to a third party. A user's television could therefore potentially record details of passwords or bank accounts and send them to a third party.
10.02.15 - Hackers will target online NHS medical data, warns ICO
Cyber attacks and ID theft will increase as patient data is made digital and accessible online, the Information Commissioner's Office (ICO) has warned. Dawn Monaghan, public sector group manager at the ICO, said that the goal of sharing patient data across the health service puts personal information at greater risk from hackers. "I would suggest that the cyber security and ID theft side of things will start to come up the pile in healthcare when you get proper online access to information," she said at a Westminster Health Forum event attended by V3.
09.02.15 - Security Think Tank: Lessons to be learned from Sony breach
While there is still some debate around how the attack on Sony was facilitated, what we do know is an attack this successful and of this magnitude will have required significant preparation and planning. It would appear that one of three things has transpired – either it was facilitated by the acts of a malicious insider or ex-insider; it was a non-malicious insider or human error; or it was successful because of poorly configured, patched and locked-down networks.
02.02.15 - Advent IM Recognised as Cyber Security Solution Supplier to HM Government
Holistic Security Consultancy and member of the Malvern Cyber Security Cluster, Advent IM Ltd, have today announced their confirmed status as Cyber Security Solution suppliers to HM Government. Advent IM today announced their confirmed status as Cyber Security Solution providers to HM Government, following their longstanding and successful supplier relationships with several government departments. The scheme is administrated by the Department for Business, Innovation & Skills and enables certified cyber security suppliers to Government to be able to publicise the fact. This offers a distinct advantage to those businesses, enables the Government’s plan to work with more SME’s and also supports the export of UK cyber security expertise.
30.01.15 - Selling passwords for $150, and other dumb ways users threaten corporate security
Corporate passwords for sale, $150 OBO. That, apparently, is how little some employees may take in exchange for compromising their company's security. SailPoint’s Market Pulse Survey, compiled from responses from 1,000 workers from large companies with at least 3,000 employees, offers vivid examples of how easily one person can create a lot of risk—and why passwords alone are simply inadequate.
30.01.15 - Cybercrime: protect your business from these common hacks
Cyber attacks are frequently in the headlines – recent high-profile targets include Sony, with its spoof movie about assassinating a dictator. But it’s not just the business behemoths that need to prepare against hackers. In fact, nine in 10 SMEs say cybercrime is their top business concern, new research will show.
30.01.15 - Global DDoS attacks increase 90 percent on last year
Akamai Technologies' Q4 2014 State of the Internet - Security report has found that the number of distributed denial-of-service (DDoS) attacks nearly doubled since 2013. The report (PDF) showed DDoS attacks increased by 90 percent from Q4 2013, and increased by 57 percent compared to the last quarter. There was also a 52 percent increase in average peak bandwidth of DDoS attacks compared to Q4 2013.
29.01.15 - How three small credit card transactions could reveal your identity
Just three small clues—receipts for a pizza, a coffee and a pair of jeans—are enough information to identify a person’s credit card transactions from among those of a million people, according to a new study.
29.01.15 - The Future of Wearables Isn’t a Connected Watch
At Intel’s big Make It Wearable competition in San Francisco late last year, the theme of the day was “no way.” As a parade of entrepreneurs took the stage to promote their Next Big Things, the phrase erupted in my brain again and again. A glove that tracks workers’ movements on a factory floor? No way. A turtle-shaped bionic baby that new mothers, whose premature infants have to stay in incubators, wear on their chests? No way. A drone that attaches to your arm, flies off when you flick your wrist, hovers, and snaps a selfie? I mean, come on!
29.01.15 - Zeus variant targeting Canadian banks, U.S. banks may also be a target
A new variant of the nefarious Zeus trojan is targeting a number of banks in Canada, including Bank of Montreal, Royal Bank of Canada, and National Bank of Canada, according to SentinelOne.
29.01.15 - Data from death inquiries lost by Ministry of Justice
Discs containing information from three of the UK's most sensitive inquiries have gone missing after being put in the post. The material relates to inquiries into the role of the police in the deaths of three men, Mark Duggan, Azelle Rodney and Robert Hamill. Officials realised the discs were missing three weeks ago and one member of staff has since been suspended.
29.01.15 - Ofcom aims to regulate Internet of Things in the UK
Communications regulator Ofcom and the Information Commissioner's Office (ICO) are teaming up with industry and government to regulate the Internet of Things (IoT). The IoT describes the idea that billions of smart gadgets, sensors and devices are connected to each other and to the internet.
28.01.15 - Cyberthreat sharing must include strong privacy protections, advocates say
U.S. lawmakers should put strict privacy controls into planned legislation to encourage companies to share cyberthreat information with government agencies and each other, some advocates said.
28.01.15 - EU air passenger database about to take flight, but critics want it grounded
The European Commission is reportedly revving up the engines on a controversial plan to retain passenger flight data across the EU, although a prior attempt got its wings clipped due to privacy concerns. The new plan calls for a database with personal flight data such as travel dates, itineraries, ticket information and baggage information, according to a document published by Statewatch on Wednesday and described as a leaked and legitimate EC document.
28.01.15 - New Chrome extension spots unencrypted tracking
A new Chrome extension highlights tools embedded in websites that could pose privacy risks by sending data unencrypted over the Internet. It’s hard to find a major website that doesn’t use a variety of third-party tracking tools for online advertising, social media and analytics. But if the trackers send data unencrypted, it is possible for those who have network-level access—such as an ISP or government—to spy on the data and use it for their own tracking.
27.01.15 - How could allowing customers to use personal hotspots pose a security risk to a business’s network?
The FCC just issued a ruling that companies like Marriott Hotels cannot block the personal WiFi hotspots of their guests. Marriott argued that by allowing guests to use their own hotspots it put their own network at risk. What risks could legitimately be posed to a network by allowing personal WiFi hotspots?
25.01.15 - Hoax call put through to David Cameron from person claiming to be head of GCHQ
A man claiming to be a hoax caller who was put through to David Cameron's phone after posing as the director of GCHQ has said he was high on drink and drugs at the time. A call to Britain's eavesdropping agency, during which a mobile phone number for director Robert Hannigan was disclosed to the caller, was followed by a hoax call to Downing Street, which saw the caller connected to Mr Cameron. The Prime Minister ended the call when it became clear it was a hoax and no sensitive information was disclosed, Downing Street said.
23.01.15 - Filtering by the back door: UK's privacy-threatening zombie leglisation revived
Proposed amendments to the Counter-Terrorism and Security Bill currently making its way through Parliament could significantly extend the government's powers of data retention and surveillance. The proposed amendments, introduced by four members of the House of Lords on Wednesday, would replicate many of the clauses of the Communications Data Bill, abandoned in 2012. The proposed amendments would open the door to the introduction of new requirements for telcos and other comms service providers to filter communications data, in order to satisfy requests from the police and "other relevant public authorities".
22.01.15 - EU wants to force internet, phone companies to turn over encryption keys
A senior European official has called on the region's leaders to force technology companies into sharing encryption keys with national authorities. The EU's counter-terrorism coordinator Gilles de Kerchove wrote in a document, leaked by Statewatch, is pushing the European Commission to adopt rules "obliging" internet and phone companies operating the region to cooperate with national authorities combating and investigating terrorism.
22.01.15 - UK businesses handing over cyber security to third parties
More UK businesses are outsourcing their IT security because budgets are not growing as fast as the security threat. A Pierre Audoin Consultants (PAC) study of 230 people at businesses with more than 1,000 staff found that the combination of increasing threats, shortage of skills and stagnant IT security budgets is pushing firms to outsource security.
22.01.15- South Korean nuclear power plant attacked by hacker
Computer systems at a South Korean nuclear power plant have been hacked, causing the company to conduct drills to test its ability to cope with a full-scale cyber-attack. Some documents belonging to KHNP - part of the state-run utility Korea Electric Power Corp – leaked online, but the organisation said there was no hacking of the nuclear reactor operations.
21.01.15 - How a 7-year-old girl hacked a public Wi-Fi network in 10 minutes - See more at:
Free Wi-Fi at a coffee shop or other public space is a welcome sign for millions of people everyday who want to get some work done, make a video call, or just catch up on a bit of online shopping. However, as results of a new experiment today prove, public Wi-Fi is so unsecure it can even be hacked by a seven-year-old child – and in just over ten minutes.
19.01.15 - Shoe retail chain Office decommissions servers after security breach
Shoe retail chain Office has decommissioned several of its servers that were compromised during a security breach that was first revealed in May 2014.
16.01.15 - Microsoft fumes, Google discloses another Windows security flaw
Google has discovered a bug in the CryptProtectMemory memory-encrypting function found within Windows 7 and 8.1, and made its disclosure public after its Project Zero deadline of 90 days passed. The bug was found by James Forshaw, who also discovered a privilege elevation flaw in Windows 8.1, the disclosure of which drew the ire of Redmond earlier this week. Forshaw described his new issue as an impersonation check bypass that could be an issue if a service is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section.
16.01.15 -Xbox And Sony Cyber AttacK: Teen Arrested
A teenager has been arrested in Merseyside following cyberattacks on Sony PlayStation and Xbox systems last year. The teenager was held today in Southport, Merseyside, after a joint British and FBI-led operation. He was arrested on suspicion of unauthorised access to computer material. He was also detained for alleged threats to kill, the South East Regional Organised Crime Unit (SEROCU) said.
15.01.15 - President Obama Is Waging a War on Hackers
In next week’s State of the Union address, President Obama will propose new laws against hacking that could make either retweeting or clicking on the above (fictional) link illegal. The new laws make it a felony to intentionally access unauthorized information even if it’s been posted to a public website. The new laws make it a felony to traffic in information like passwords, where “trafficking” includes posting a link.
15.01.15 - isky time for risk insurers as fraud threats increase
Insurers have been warned that they will collectively need to spend US$3.3 billion on information security to counter financial crimes and in the face of heightening fraud brought on by the global ‘digital revolution’. The alert comes from the latest research report by IDC which says that rigor on risk management will continue as insurers enter an era of what it calls ‘re-regulation’.
15.01.15 - Android malware encounters surged in 2014, up by 75 percent, report says
Although many U.S.-based security professionals and mobile device users might have once believed their devices were safe from malware, new research suggests that in 2014, Android mobile malware proliferated with encounter rates increasing by 75 percent over 2013.
15.01.15 - IC3 warns of payroll scam targeting university employees
The Internet Crime Complaint Center (IC3) issued an advisory on Tuesday, warning of an ongoing scam in which university employees receive phony emails about a change in their human resource status. The emails contain a link that, when clicked, directs the recipient to a website with a very similar appearance to their legitimate human resources site, the advisory indicates.
15.01.15 - Several vulnerabilities addressed in Firefox 35, some deemed critical
Mozilla released Firefox 35 on Tuesday, and it comes with fixes for numerous vulnerabilities, a few of which are deemed critical. Security researcher Nils is credited with discovering a critical ‘Gecko Media Plugin (GMP) sandbox escape' vulnerability that could enable an attacker to “escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process,” according to an advisory.
14.01.15 - Survey: most orgs not very prepared to recover IT assets following a disaster
Cloud services company Evolve IP conducted its “2015 Disaster Recovery & Business Continuity Survey” with more than 2,000 executive and IT professionals, and, in the end, learned that less than half feel very prepared to recover their IT and related assets following a disaster or other incident.
13.01.15 - UK PM looking to outlaw encrypted online communication
United Kingdom Prime Minister David Cameron will move to outlaw forms of digital communication that cannot be read by law-enforcement and intelligence agencies if he wins the next general election. Such a move could see messaging platforms that encrypt their data, including apps such as WhatsApp and Snapchat, along with Apple's iMessage and FaceTime, blocked under the proposed legislation.
12.01.15 - Obama to talk cyber with UK prime minister
President Obama and U.K. Prime Minister David Cameron will cap off the White House’s week of cybersecurity focus with a meeting to discuss anti-hacking measures, according to a British report.
12.01.15 - British Afghanistan troops' medical records lost
The medical records of hundreds of British soldiers are feared to have been lost in Afghanistan, it can be revealed. Two unencrypted laptops used by Army medics in theatre carrying the records of up to 1,300 troops were discovered to be missing in a recent equipment audit.
12.01.15 - Sussex Police Website Breach Leaves Public Email Addresses Leaked
The website of Sussex Police has suffered multiple data breaches, resulting in the leaking of e-mail addresses of officers and members of the public, the Government Computing website reported last week. The force is investigating three breaches of its external website in the attacks, which happened over Christmas. The incident may have affected up to 270 people.
08.01.15 - A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever
Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.
08.01.15 - Skype users report malicious ads on service
Skype users have reported seeing malicious adverts on the voice over IP service. According to a discussion thread, a user claimed to be “running the latest windows desktop client” yet received an advert that “will take you to a site pretending to be Adobe and try to download viruses to your machine”. Another comment claimed “the ad leads to a page that tries to initiate a download of a (supposed) Java installer”.
08.01.15 - Data Protection: Do nine-figure fines make you anxious, or are they just inconvenient?
Data protection should be very high on the agenda for every organisation at the moment. The Edward Snowden revelations have ensured that privacy and data security are already high on the agenda for members of the public.
08.01.15 - 2014 Hack Retrospective, Or Why Security Ecosystems Matter
The “Year of the Hack” will probably be one way that 2014 will be remembered. But it actually began in 2013 with a phishing email sent to independent, mid-sized air conditioning vendor Fazio Mechanical.
07.01.15 - Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit
A newly discovered trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attacks, according to a blog post from Avast.
07.01.15 - DDoS Attacks Slam Finnish Bank
Police in Finland are investigating a series of distributed denial-of-service attacks against the country's OP Pohjola financial services group that have intermittently shut down online banking and direct debit services.
06.01.15 - Addressing Health Data Sharing Risks
As healthcare organizations step up their efforts this year to exchange more patient data with others to help improve care, it's urgent that they address the "significant risks" involved, says Erik Devine, chief security officer at 370-bed Riverside Medical Center in Kankakee, Ill.
05.01.15 - Sony's Hirai praises staff in hack, hails freedom of speech
Sony’s CEO finally broke his weeks-long silence on the hack of Sony Pictures Entertainment, saying he’s proud of its staff and partners for standing up to “extortionist efforts of criminals” and for getting “The Interview” to audiences.
05.01.15 - Gogo issues fake HTTPS certificate to users visiting YouTube
Gogo has been caught issuing a fake digital certificate for YouTube, a practice that in theory could allow the inflight broadband provider to view passwords and other sensitive information exchanged between end users and the Google-owned video service. Normally, YouTube passwords, authentication cookies, and similar site credentials are securely encrypted using the widely used HTTPS protocols. A public key accompanying YouTube's official HTTPS certificate ensures that only Google can decrypt the traffic. The fake certificate Gogo presents to users trying to access the video site bypasses these protections, making it possible for Gogo to decipher data. It has long been Gogo's policy to block access to streaming sites and other bandwidth-intensive services. A company official said the fake YouTube certificate is used solely to enforce the policy and not to collect data intended for YouTube. Security and privacy advocates criticized the technique anyway, characterizing it as heavy-handed.
05.01.15 - Free tool automates phishing attacks for Wi-Fi passwords
A new open-source tool can be used to launch phishing attacks against users of wireless networks in order to steal their Wi-Fi access keys. Gaining access to a WPA-protected Wi-Fi network can be extremely valuable for attackers because it puts them behind the firewall, in what is generally a high-trust zone. This allows them to mount man-in-the-middle attacks against the network's users to steal sensitive data and authentication cookies from unencrypted traffic.
05.01.15 - Retail cyber attacks drop by half despite rising data theft: IBM
A report released Monday from IBM security researchers suggests that, overall, cyber attacks against retailers are on the decline, even though the total amount of data compromised continues to steadily rise.
05.01.15 - iCloud hole closed following brute force attack
2015 began, predictably, with a major hack of a global service provider, when on New Year's Day a tool to hack all accounts on Apple's iCloud was announced – via a vulnerability reported today to have been fixed.
05.01.15 - Hackers can exploit free mobile apps to steal data, study shows
Hackers can access private data by exploiting vulnerabilities, mostly in free mobile apps, according to research by security consultancy MWR InfoSecurity. Code used by advertisers and third parties for tracking can be abused to access address books and text messages, and to take control of mobile devices, the study found.
05.01.15 - If you've been hacked, and nothing else is secure, you need an, err, old BlackBerry
Everyone knows that BlackBerrys were the communications system of choice of the chav-erati during the 2011 London riots. Using BlackBerry Messenger (BBM), they could securely coordinate their pillagings of the local Argos or Euronics electrical store without fear of the Old Bill listening in. Well, not until the Old Bill asked BlackBerry to help them out.
04.01.15 - UK police arrest suspected Lizard Squad member
British and US police may be closing in on cyber-vandal group that said it hit Sony and Microsoft games networks over Christmas, helped the Sony Picture hack and has launched a low-cost DDoS attack tool. UK police arrest suspected Lizard Squad member UK police arrest suspected Lizard Squad member Thames Valley police have arrested a 22-year old man from Twickenham who is reportedly a leading member of the Lizard Squad group of hackers.
31.12.14 - Google researcher exposes unpatched Windows 8.1 security flaw
A Google researcher by the name 'forshaw' found and reported a privilege escalation bug in Windows 8.1. Forshaw even reveals a PoC (Proof of Concept) program for the Windows 8.1 weakness. In it, forshaw details how to take advantage of the Windows 8.1 bug:
24.12.14 - Will the EU data protection regulations shoot down cloud social media and big data?
When the European Union Data Protection Protection Directive was passed in 1995, the concepts of data, data privacy and storage, and the potential for misuse of that data were very different. The internet, furthermore, was still young and the Directive, in any case, was largely based on the UK's own Data Protection Act of 1984.
19.12.14 - US to Increase Levels of Security Screening at Cruise Ship Terminals
The TSP is expected to increase security at cruise ship terminals by developing a standardized list of prohibited items; developing training standards to consolidate requirements for screeners; eliminating redundancies in cruise ship security regulations and; requiring the screening of all passenger, crew, visitors’ baggage and personal items.
19.12.14 - Huge data leak sees personal details of 15,000 Hackney residents published online
Bungling council officers have also revealed the age and housing benefit entitlement of Hackney Homes tenants and leaseholders in the botched Freedom of Information request, which was inadvertently published in full on the website What Do They Know (WDTK). The private information was publicly available online for 11 days before the error was noticed on November 25 – but affected residents were only informed of the huge data breach in a letter sent out this week.
18.12.14 - The Secret World of Stolen Smartphones, Where Business Is Booming
In late May of 2012, a damaged package split open at a FedEx facility in Rancho Cordova, California, spilling dozens of boxed iPhones across the shipping room floor. A worker there contacted Apple, which, with the help of corporate security at Verizon, confirmed what FedEx personnel already suspected: The devices were contraband, likely bound for the black market. Two hours later, a man named Brian Fichtner showed up at the facility. Fichtner is thin and wiry, with the clipped demeanor of a career cop and a passing resemblance to the actor George Clooney. He has spent his entire professional life in law enforcement, first as a narcotics investigator and most recently as a member of the California Department of Justice’s elite eCrime Unit, a group tasked with prosecuting tech-related violations—identity theft, revenge porn, the large-scale smuggling of electronics.
18.12.14 - The 'grinch' isn't a Linux vulnerability, Red Hat says
The “grinch” Linux vulnerability that Alert Logic raised alarms about Tuesday is not a vulnerability at all, according to Red Hat. “This report incorrectly classifies expected behavior as a security issue,” said a Red Hat bulletin issued Wednesday, responding to Alert Logic’s claims. Security firm Alert Logic Tuesday claimed that grinch could be as severe as the Heartbleed bug and that it’s a serious design flaw in how Linux systems handle user permissions, which could allow malicious attackers to gain root access to a machine.
18.12.14 - Worst Security Breaches of the Year 2014: Sony Tops the List
As 2014 winds down, the breach of Sony Pictures Entertainment is clearly the biggest data breach of the year and among the most devastating to any corporation ever. Attackers broke in and took whatever they wanted, exfiltrating gigabytes and gigabytes of documents, emails and even entire movies, apparently at will for months and months on end.
17.12.14 - Cyber Attacks Stop Multi-Million Dollar Poker Tournament
The idea was to host the biggest Poker tournament since Black Friday with a multi-million dollar prize pool, which was open to Americans, but for now, it will remain only an idea. Winning Poker Tournament (WPN) was forced to cancel their latest tournament a short time prior to closing the late registration, leaving the 1,937 participants with nothing except a full refund and a vague message the player's tables.
17.12.14 - London teen pleads guilty to Spamhaus DDoS
A 17 year-old Londoner has pleaded guilty to a series of denial-of-service attacks against internet exchanges and the Spamhaus anti-spam service last year. The teenager – who we cannot name for legal reasons – also admitted money laundering and possessing indecent images. faces a sentencing hearing on 9 January, a police statement confirmed:
Regulator was keen to point out that none of the attacks were successful. There were 1,658 attempted attacks on Ofcom's IT systems in October and November. These attacks comprised of 382 SQL injection attacks, 188 malware and/or viruses, and 1,088 phishing emails. The attacks on the UK regulatory body for media and communications were defined as 'detected attempts at gaining unauthorised access to the Ofcom system'.
Regulator was keen to point out that none of the attacks were successful. There were 1,658 attempted attacks on Ofcom's IT systems in October and November. These attacks comprised of 382 SQL injection attacks, 188 malware and/or viruses, and 1,088 phishing emails.
15.12.14 - Top 10 Security Stories of 2014
As usual the year has vanished even faster than the last. Christmas time is upon us so it’s time once again to look back on the most-read security articles of the year. From a news story about Google glasses to a debate about choosing the right security products and infographic on the security industry’s different disciplines, it’s a real mixed bag.
15.12.14 - Cornwall Council sent information about salaries and redundancies to wrong staff in data breach
Cornwall Council has sent personal information about its staff, including salary details and redundancy packages, to the wrong individuals. The whistleblower who reported the breach said that letters were sent to 300 staff, but despite admitting to the breach, the council has claimed that only 50 people were affected, blaming the breach on a "data transfer error".
15.12.14 - 2014 in security: The biggest hacks, leaks, and data breaches
U.S. security contractor vetting firm hit by breaches A contractor for U.S. Homeland Security suffered a data breach, leading to the leak of personal information on employees. The private company, USIS, conducts background checks on behalf of the government agency. USIS came under fire for being the firm that vetted Edward Snowden. The U.S. Justice Dept. also accused the company of faking more than half-a-million background checks.
11.12.14 - HMRC blocks 4,000 phishing sites to protect taxpayers
HM Revenue & Customs has closed down 4,000 illegal websites and responded to 75,000 phishing reports as part of its pro-active technical measures to protect taxpayers from online fraud. HMRC stated it had secured web domains that could be used by criminals to send fraudulent emails to customers for the purposes of delivering malware or stealing personal information.
11.12.14 - Charge Anywhere Admits Breach May Have Given Hackers Access for Five Years
Mobile payments firm Charge Anywhere has been left rueing its decision to only partly encrypt card data crossing its network after revealing that malware on its systems may have allowed attackers to capture card details from as far back as 2009. The New Jersey-headquartered firm, which handles payments for mobile apps, websites and M-POS systems, said in a lengthy statement that it found the previously undetected malware after being alerted about fraudulent transactions that appeared on some of its customers’ cards.
11.12.14 - DDoS of unprecedented scale 'stops Sweden working'. The target? A gaming site
Much of Sweden's fixed-line broadband became collateral damage as a result of a DDoS attack on a mystery gaming site this week. While DDoS attacks are par for the course for most online businesses these days, the vast majority of these attacks don't go on to affect the broadband connections of an entire country. But that's what happened to customers of Telia, Sweden's largest ISP, for 45 minutes on Tuesday night and then again intermittently throughout Wednesday afternoon and evening. Telia hasn't said how many of its 1.2 million residential subscribers were affected by outages but has confirmed the attack knocked out fixed-line broadband, digital TV, and VoIP connections.
11.12.14 - Home surveillance CCTV images may breach data protection laws, ECJ rules
mages captured on a household surveillance camera could breach data-protection rules if the person filmed was on a public footpath when videoed, the European court of justice (ECJ) has ruled. By clarifying European legislation, the judgment could have significant consequences for householders in the UK who use CCTV and keep or try to use the images, according to a legal expert.
09.12.14 - Police Must ‘Learn How To Support Cybercrime Victims’
Professional services firm KPMG has hit out at UK police forces, suggesting they lack an understanding of cybercrime triggers and are unable to offer support to victims of online crime. On November 27, Her Majesty’s Inspectorate of Constabulary (HMIC) published a 243-page audit , which stated that law enforcement agencies are failing to get to grips with cyber crime. The watchdog also highlighted concerns over the “erosion” of basic investigative skills.
09.12.14 - Target guilty of massive $30m data breach
Retailer found responsible for huge data hack, clearing path for banks to sue Target is to blame for a data breach that saw 70 million customer records stolen a year ago, a judge has ruled, paving the way for a flurry of lawsuits from banks seeking to recover their losses
09.12.14 - Can Iran Turn Off Your Lights?
Online security company Cylance released a report last week showing that an Iranian cyber-espionage operation “Operation Cleaver” had successfully breached U.S. and foreign military, infrastructure and transportation targets. The report claimed to confirm widely-suspected Iranian hacks of the unclassified Navy Marine Corps Intranet system, NMCI, in 2013. It describes (with explicitly naming) more than 50 targets around the world, including players in energy and transportation
09.12.14 - U.K. Court Case Against Google Could Clarify Law On Private Data
The U.K. data protection watchdog, the ICO, has intervened in a court case brought against Google on privacy grounds by a group of U.K. Internet users because it is interested in how aspects of the case might help clarify questions around the jurisdiction of national data protection law vis-à-vis Internet giants, which are invariably based overseas.
08.12.14 - The role of the chief data officer – why it is a necessary one - See more at:
The chief data officer (CDO) is a new role that seems to be springing up across enterprise companies to oversee the processes, tools and governance around use of information. CDOs have been hired at organisations as diverse as the British Army, RBS, Aviva and Havas Media, while Deutsche Bank announced JP Rangaswami, ex-BT and SalesForce, as the bank’s first CDO this month.
04.12.14 - Sites certified as secure often more vulnerable to hacking, scientists find
Seals certifying the security of e-commerce sites and other online destinations have long aroused suspicions that they're not worth the bits they're made of—much less the hundreds or thousands of dollars they cost in yearly fees. Now, computer scientists have presented evidence that not only supports those doubts but also shows how such seals can in many cases make sites more vulnerable to hacks.
04.12.14 - Q&A: Cyber security and technology risk for investment funds
FW moderates a discussion on cyber security and technology risk for investment funds between Mike Gillespie at Advent IM Ltd, Jay Leek at The Blackstone Group, Scott Loughlin at Hogan Lovells US LLP, and Brian E. Finch at Pillsbury Winthrop Shaw Pittman LLP.
02.12.14 - Uber’s Database Could Be Tempting for Hackers
Uber hasn’t looked so hot on privacy lately. Between senior executive Emil Michael suggesting at a private dinner that Uber dig up dirt on journalists, and the revelation that general manager Josh Mohrer had been disciplined by the company for privacy violations against users, November was a rough month.
02.12.14 - The 10 Biggest Bank Card Hacks
The holiday buying season is upon us once again. Another event that has arrived along with the buying season is the season of big box retailer data breaches. A year ago, the Target breach made national headlines, followed shortly thereafter by a breach at Home Depot. Both breaches got a lot of attention, primarily because the number of bank cards affected was so high—more than 70 million debit and credit card numbers exposed in the case of Target and 56 million exposed at Home Depot.
02.12.14 - The breach at Sony Pictures is no longer just an IT issue
I'm going to make a prediction. The breach at Sony Pictures has nothing to do with North Korea, aside from the fact that the destructive malware believed to be present on Sony's network is similar to the malware used in South Korea in 2013 - an incident that was blamed on North Korea.
02.12.14 - Whitelisting project helps industrial control systems owners find suspicious files
Industrial control systems have been at the center of some scary security stories recently, but investigating malware infections in such environments isn't easy because analysts often having a hard time telling good files from suspicious ones. FEATURED RESOURCE PRESENTED BY TIBCO SOFTWARE 10 Best Practices for Cloud Business Intelligence: Enabling the Business Business driven Business Intelligence (BI) and analytics represent a shift in the enterprise that is LEARN MORE Security researchers have identified two malware campaigns this year that targeted SCADA (supervisory control and data acquisition) systems -- Havex and BlackEnergy. Such attacks are expected to grow in number, as new reports show that state-sponsored hackers are increasingly interested in critical infrastructure companies.
02.11.14 - Cybercriminals turn talents to stock market manipulation
Hackers have begun to use their skills to go after a target far more lucrative than the average brick-and-mortar retailer -- instead, researchers have discovered cybercriminals tampering with the stock market. A number of high-profile cyberattacks have dominated the headlines this year. US retailer Target suffered a debilitating data breach last year resulting in millions of customer credit cards being compromised, and Staples is currently investigating a security breach which struck stores in October.
02.12.14 - Silver-tongued phish bait lures execs, hooks M&A deals
A hacking group has been stealing identity information and reading emails to get the inside edge on stock markets to buy and sell to make quick profits. Vendor FireEye reckons the group sent articulate phishing emails with malicious attachments demonstrating "deep" knowledge of financial markets and corporate communications. In one instance the attackers targeted five organisations involved in a then non-public merger, months before the deal was announced. In another, it used information gleaned from a hacked consultancy to better target that firm's clients
01.12.14 - The Next Big Cybercrime Vector: Social Media
With attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data protection, and intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out via social media channels.
UK consumers call for hasher penalties for organisations who lose customer data. More than half of UK consumers (59 per cent) believe organisations should face harsher penalties for losing sensitive data, according to research. A survey of 1,000 consumers by market researcher One Poll, on behalf of security firm LogRhythm, found almost a quarter (24 per cent) of people feel that punishments currently levied are often unequal.
27.11.14 - Data Protection Commissioner Informed of Law School Student Data Leak
The Data Protection Commissioner has been informed of a personal data breach in the Trinity College Dublin School of Law. Personal information from Erasmus applications made in 2013/14 was mistakenly uploaded to a Blackboard folder visible to all senior freshman law students. Staff had intended to make available a document containing a list of students currently on Erasmus or exchange so as to facilitate dialogue with prospective applicants for study abroad programmes. However, the file uploaded contained personal information from previous applicants, including their exam results, corresponding student numbers, and in one instance medical notes.
26.11.14 - E-cigarette from China distributes malware to systems
Here's another reason to quit smoking. E-cigarettes made in China are being used to distribute malware via a USB hookup to users' computers, according to a blog post by a Bit4Id security expert. The chargers of the e-cigs reportedly are hard-coded with malware, a discovery made after the system of an executive who had recently quit smoking was infected.
26.11.14 - You better watch out -- online retailers' security practices under the spotlight
This time of year sees a spike in online shopping activity, but that also means added worries about how well our information is being looked after when we buy online. Password management company LastPass has put together an infographic 'naughty and nice' list looking at how online retailers store information when we shop.
26.11.14 - Cheap Android tablets riddled with security flaws, test finds
Cheap clone Android tablets of the sort that crowd the shelves of many bricks-and-mortar US stores are often riddled with dangerous but hidden security flaws, a test by Bluebox Security has found.
26.11.14 - Google new Security Tools to improve Online Security
To protect your data on the web is very important, especially while business settings. Keeping this point in mind, the group of Mountain View has announced the introduction of two features dedicated to online security, with the aim of allowing users to exercise greater control over their own identity within the web. First one is addressed to all and another is an instrument already seen in recent months, now enrolled in the program that can also be accessed by Google for work( formerly Google enterprise).
25.11.14 - Self-Protection for Antivirus Software
In science fiction films, when a space ships is attacked, its deflector shields are not merely hit by accident, rather there is always an initial targeted attack on the deflector shield generator. In the real world of antivirus software, the deflector shield generator would be the kernel of the security suite – the antivirus application itself. If the deflector shield fails, then the ship – or in our case, the Windows system – is left unprotected and easy to commandeer. Naturally, manufacturers of security packages have known about this for a long time. That is why they have devised and deployed a number of measures for self-protection. What many users do not know: Several years ago, the IT sector developed open-access protection mechanisms that programmers can use in their source code – ASLR and DEP.
25.11.14 - Hacked webcam site is another reminder to improve security online
The UK Information Commissioner Christopher Graham has drawn attention to a webcam-monitoring Russian website, which offers thousands of private video streams, raising fears of unwitting and continuous surveillance. Graham conceded that he has little legal power to close such sites.
21.11.14 - Facebook continues to be in Hangover mode
Finally, I got a reply from Facebook in wake to my previous post and my email that I had sent earlier demanding an explanation on why they have not fixed the bug which I exposed about an year ago. For the sake of context, here is the link to my original post which defaces Facebook for its sheer ignorance for user's security:
20.11.14 - Baby monitors, CCTV cameras and webcams from UK homes and businesses hacked and uploaded onto Russian website
A Russian website has been found to be hosting hundreds of feeds of live footage from inside UK homes and businesses, which have been accessed by hacking into people’s webcams, which includes CCTV cameras and baby monitors. The UK’s privacy watchdog has urged people to upgrade their passwords after the website was found to feature 500 live feeds from Britain alone.
19.11.14 - Police warn of Isis cyber attacks on city banks
Police chief cautions firms in Square Mile to prepare for cyber attack from militants Financial institutions must do more to prevent Islamic fundamentalist attacking their networks, the head of the City of London police has said.
18.11.14 - 'Serious threat' as free web apps plant Trojans and ransomware
In a 17 November blog post, Trend Micro says criminals are using the FlashPack exploit kit to target corporate users who download apps supported by adverts. The ads secretly infect victims with a range of malware and ransomware, without the users clicking on malicious links or visiting unsafe websites.
13.11.2014 - Coca Cola sued by former employee over unencrypted laptop data theft
Coca-Cola is facing a potential class-action lawsuit after one of the people whose personal data was on one of a clutch of laptops stolen from the company says he suffered identity theft as a result of the breach. Laptops thefts are a common occurrence for most large organisations but the circumstances surrounding the loss of 55 laptops over a six-year period from the drinks giant’s Atlanta office and a bottling firm it acquired were always puzzling.
11.11.14 - Security-Officer-as-a-service - what does it mean and who is it for?
The obsession with acronyms has been long-standing in the IT industry, and now, to accompany it, is the fixation on the term "as-a-service". Software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-Service (IaaS) are the three staples of this new craze, and they've been followed by the likes of Communications-as-a-service (CaaS) and monitoring-as-a-service (MaaS).
10.11.14 - Cyber criminals target travelling executives, warns Kaspersky Lab
Cyber criminals target corporate executives while they are travelling to steal sensitive data, researchers at security firm Kaspersky Lab have revealed. The researchers uncovered a cyber espionage campaign, which they believe has been active for the past four years, focusing on C-level executives connecting to corporate data using hotel Wi-Fi networks.
10.11.14 -
The number of manual account hijacking cases is small, but such incidents can be distressing to users and they can result in significant financial loss. Research by Google and the University of California, San Diego found that by analysing manual hijacking cases that occurred at Google between 2011 and 2014, there are only nine incidents per million Google users per day.
08.11.14 - What Makes a Good Security Audit?
EFF recently began a new Campaign for Secure & Usable Crypto, with the aim of encouraging the creation and use of tools and protocols that not only offer genuinely secure messaging, but are also usable in practice by the humans who are most vulnerable to dangerous surveillance, including those who are not necessarily sophisticated computer users. The first phase of this campaign is the Secure Messaging Scorecard, which aims to identify messaging systems that are on the right track from a security perspective. In subsequent phases of the campaign, we plan to delve deeper into the usability and security properties of the tools that are doing best in the Scorecard. One crucial aspect of the Scorecard and the campaign is and will be code auditing. We've gotten a lot of questions about the auditing column in the Scorecard, so we thought it would be good to expand on it here.
08.11.14 - Shropshire fire service website hacked by 'Palestine' group
It follows a similar attack on the Nottinghamshire Police website yesterday. Today the hackers, calling themselves AnonGhost, replaced the Shropshire fire service home page with a logo and a message reading: "To all Governments of the World. We are watching you, we can see what you're doing, we control you, we are everywhere.
07.11.14 - Nottinghamshire Police website hacked by AnonGhost
A police force's website has been hacked by a group claiming to be the "voice of Palestine". Nottinghamshire Police website was replaced with an image and the words Khilafah will Transform the World, while music including Mike Oldfield's Tubular Bells plays on a loop.
07.11.14 - Mark Johnson guilty of 'crippling' Home Office cyber attack
A Twitter user has been found guilty of posting a "malicious" weblink which helped bring down the Home Office website. Mark Johnson, 44, had denied posting links to his profile encouraging people to join a co-ordinated cyber attack on the page in 2012. But a jury at Birmingham Crown Court found him guilty of encouraging or assisting the hacking effort. Johnson, from Stoke-on-Trent, will be sentenced on 5 December.
07.11.14 - Manual Account Hijacking Rare, But Damaging: Google
A study released this week shows that the number of manual account hijacking cases is small, but such incidents can be distressing to users and they can result in significant financial loss. While a large majority of account hijackings rely on botnets and are automated, there are cases where attackers spend a lot of time to profile victims and maximize the profit they make without using automation, according to the study conducted by researchers at Google and the University of California, San Diego.
06.11.14 - Home Depot says 53m email addresses taken in one of largest breach in history
Cyber criminals snatched 53 million email addresses of Home Depot customers in what has been touted as one of the largest data breaches on record.
06.11.14 - Social Hacking of Support and Implementation Teams
Support, customer service and implementation teams are the human gateways into many systems. Because they are human, with regular access to some of the most sensitive information for a business, they pose a special security risk from two kinds of behaviour: malicious behaviours, intended to exploit the system in some way, and innocent behaviours, which place the system at risk as a by-product, rather than a goal. In this article, we will focus on malicious behaviours and how to defend against them.
05.11.14 - Cyber threats 2014: Remote command execution in FreeBSD
Operation of vulnerability allows to execute arbitrary commands, provides access to critical information and locks the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.
05.11.14 - Is your connected car spying on you?
Modern cars are morphing into mobile data centres - connected, clever and packed full of sensors. But are they also becoming spies in our drives? As they record almost every aspect of our journeys and driving behaviour, interacting with our smartphone apps and sat-nav systems, who will own all the data they generate, how will it be used, and will our privacy inevitably be compromised?
04.11.14 - Looking Into Living Rooms: Watch Footage Of Thousands Of Internet-Connected Cameras Online
A nightmare from the Internet of Things has arrived just in time for Christmas: images from thousands of internet-connected cameras from all over the world are publicly available, online, and ready for anyone to easily view. In September, MailOnline reported about an unspecified website that allows ‘home hackers’ to spy on people through internet-connected cameras. About a week ago, Motherboard‘s Joseph Cox also reported on the website without explicitly mentioning the website’s URL in his article. However, by linking to a WHOIS-record of the website’s domain name, Cox gave away the website’s URL. Many Dutch media are now reporting about the website and mention the website’s URL:
03.11.14 - 6 things we learned from this year's security breaches
According to the Open Security Foundation, three out of 10 of the all-time worst security breaches happened this year. That includes 173 million records from the NYC Taxi & Limousine Commission, 145 million records at Ebay, and 104 million records from the Korea Credit Bureau. And that's not counting the 1.2 billion user names and passwords reportedly stolen by Russian hackers, or the 220 million records recently discovered stolen from gaming sites in South Korea.
3.11.14 - Uncloaking the Dark Arts of Evasive Malware
With so many security breaches in the headlines ­­from Home Depot to JP Morgan to Dairy Queen, ­­it would appear that cyber­criminals are winning the arms race against security professionals. Multinational retailers and banks are generally on the cutting edge of security technology adoption in the private sector, deploying a wide range of the latest network, application, physical and policy­based security defenses across their organizations. But with so many layers of defense in place against these attackers, how do they keep getting through? And with so many breaches made possible by malware being publicly disclosed, why are they still happening?
3.11.14 - Pro-ISIS script kiddies deface West Yorkshire egg-chasers' site
Pro-ISIS script kiddies defaced the website of Rugby League team the Keighley Cougars over the weekend in the latest of a series of attacks against somewhat obscure targets.
3.11.14 - Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit
Hacking attacks against organisations promoting democracy in Hong Kong were run using the same infrastructure previously linked to Chinese cyber-espionage attacks, according to new research from security firm FireEye.
3.11.14 - Breach fatigue: do we even need notification laws?
Across the Atlantic, 2014 has been one of the most prolific years in recent memory for serious data breaches. Mandatory notification laws were, of course, brought in a few years ago to stop this very thing – the idea being that firms would take data security more seriously if they knew it could lead to damaging media headlines. Yet as the bad publicity continues to flow for the likes of Home Depot, JPMorgan and Target, are these laws still fit for purpose, and should the EU reconsider its own plans to roll-out similar regulations?
3.11.14 - Security contractor breach not detected for months
WASHINGTON (AP) — A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government's leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries told The Associated Press.
1.11.14 - Information leak and access control bypass in WordPress WP eCommerce Plugin
Experts of the company Sucuri found dangerous vulnerability in the plugin “WP eCommerce”, which allows attackers to easily access and edit personal information of users.
31.10.14 - Man who owns a smart TV says he’s ‘afraid’ of using it after reading its privacy policy
Just like with other electronic devices that used to be “dumb,” TVs have become increasingly smart lately, but that doesn’t mean that’s necessarily a good thing, especially when it comes to user privacy. At least that’s what Brennan Center’s Michael Price seems to think after he replaced his older TV that could offer access just to TV programs with a smart TV model that also delivers “streaming multimedia content, games, apps, social media and Internet browsing.”
31.10.14 - Zero Day Weekly: CurrentC hacked, White House breached, APT28 exposed, Verizon shamed
Apple Pay rival CurrentC, the WalMart, Sears, 7-Eleven and Best Buy-backed mobile payment system, became a laughing stock in security communities worldwide when it was hacked this week.
29.10.14 - Facebook, Google, and the Rise of Open Source Security Software
Facebook chief security officer Joe Sullivan says that people like Mike Arpaia are hard to find. Arpaia is a security engineer, but he’s not the kind who spends his days trying to break into computer software, hoping he can beat miscreants to the punch. As Sullivan describes him, he’s a “builder”—someone who creates new tools capable of better protecting our computer software—and that’s unusual. “You go to the security conferences, and it’s all about breaking things,” Sullivan says. “It’s not about building things."
10.29.14 - Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.
29.10.14 - Apple Pay rival CurrentC just got hacked
On Wednesday, those taking part in the CurrentC pilot program received a warning from the consortium of anti-credit-card retailers called MCX, or Merchant Consumer Exchange: The program was hacked in the last 36 hours, and criminals managed to grab the email addresses of anyone who signed up for the program.
22.10.14 - Draft EU proposals on cyber and data breach notification: where are we now?
As reported in our first edition, there are two proposals making their way through the Brussels legislature which will change the legal landscape for the reporting of cyber attacks. These are the draft Network and Information Security Directive...