Editor's News

Online greeting card company Moonpig has taken an API offline which bypassed all authentication security and allow an attacker to place orders on other customer accounts.   According to research by Paul Price, the flaw allows an attacker to easily place orders on other customers accounts, add/retrieve card information, view saved addresses, view orders and much more. He also said that every API request is like this, and if you hit the API endpoint with...

An external police network was breached over the Christmas period allowing for personal information of police officers and members of the public to be illegally accessed.   According to the Eastbourne Herald, Sussex Police is investigating security breaches of its external website which occured over the Christmas period. It found that there were three breaches within a contained area of the website and could possibly be linked.   Amaraghosha Carter, joint head of IT for...

A password-hacking tool has been uploaded to allow attackers to break into any iCloud account.   Named iDict, it has been uploaded to code sharing service GitHub by a user using the handle “Pr0x13”. According to the Hacker News, the tool makes use of an exploit in Apple's iCloud security infrastructure to bypass restrictions and two-factor authentication security that prevents brute force attacks, and keeps most hackers away from gaining access to users’ iCloud accounts....

Bristol bus timetable website has been attacked by a group calling itself “Darkshadow”.   The “Arab Security Team” attacked TravelWest’s website on New Year’s Day and the website, controlled by four councils including Bristol, South Gloucestershire and North Somerset, has managed to regain control today.   Julia Dean, communication officer for WEP, told the Bristol Post that it is “working on getting the website fixed as quickly as possible”. The website was replaced with a...

Two members of the hacker group “Lizard Squad” have been arrested following a crippling attack on the PlayStation and Xbox online gaming networks over the holiday period.   Vinnie Omari was arrested in London by police investigating PayPal thefts and cyber-fraud offences over the past two years. According to The Hacker News, law enforcement officials reportedly seized phones, laptops and an Xbox from his home.   Thames Valley police said in a statement that a...

Facebook has introduced a new website to advise users on its complex privacy settings.   In an email to users, it said: “Over the past year, we’ve introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information.” The page “Privacy Basics”, offers users a guide to “taking charge of your experience on Facebook”.   Ahead...

The United States Computer Emergency Readiness Team (US-CERT) has issued a warning about a Server Message Block (SMB) Worm Tool.   Although the ongoing situation regarding the attack on Sony Pictures and attribution pointed at North Korea by the USA was not mentioned directly, it did say that SMB was used “to conduct cyber exploitation activities recently targeting a major entertainment company”.   The tool is equipped with a listening implant, lightweight backdoor, proxy tool,...

Alert Logic has dismissed criticism of its research into the Linux bug it named grinch.   Last week, Alert Logic said that grinch exists in the new authorisation system that allows privilege escalation through Wheel, bypassing it by using the existing polkit authentication.   “Wheel users have access to all system commands including the ability to install any package or code,” Stephen Coty, chief security evangelist at Alert Logic said. “We can abuse the user’s...

Santa Claus has landed himself in hot water, following the release of “selfie” photos.   Believed to have been caught up in the Apple iCloud unauthorised access incident from this summer, where an attacker used brute force password tools to access the accounts and leak photos, including revealing photos of a number of actresses, St Nicholas is the latest victim of the access.   In this latest development, selfies of Santa have been the latest...

The FBI has officially named North Korea as the aggressor behind the Sony Pictures attack.   Despite many members of the information security community now believing that North Korea was not responsible for the attack, including Marc Rogers from Cloudflare, whose blog listed ten reasons why North Korea was not to blame, saying “my money is on a disgruntled (possibly ex) employee of Sony”, an FBI statement concluded that there are three reasons why North...