Editor's News

The Telegraph disabled its social media sharing buttons during the attack by the Syrian Electronic Army (SEA).   According to a source who chose to remain anonymous, there was a suggestion that those services were being used to hijack the news websites. “Most of the sites affected use Gigya for comments, but we use Disqus, so it cannot have been that in case,” they said.   The source said that the widgets were switched off...

Phishers are using a new technique where they point to malicious URLs within Google Docs, rather than placing them within the emails.   Speaking to IT Security Guru, PhishMe CEO Rohyt Belani said that with the seasonal shopping period underway, there is nothing specifically different this year, but there are slight tweaks to each attack effort.   “What we are finding is an interesting theme where attackers are finding that systems are creating specific signatures...

Documents taken from Sony Pictures include 894MB of sales and contract data covering a period between 2008 and 2012.   According to CSO online, initial released documents included: private key files; source code files (CPP); password files (including passwords for Oracle and SQL databases); inventory lists for hardware and other assets; network maps and outlines; production schedules and outlines; financial documents and PII. Later in the week, the attackers released preview copies of Sony movies,...

Global law enforcement agencies and the airline, travel and credit card industries have joined forces in a major concerted action to combat online fraud.   In the operation, organised via three coordination centres at Europol in The Hague, Interpol in Singapore and Ameripol in Bogota and involving over 60 airlines and 45 countries at more than 80 airports across the world, saw 281 suspicious transactions reported and 118 individuals arrested.   In the coordinated “Global...

Malwarebytes has admitted that a flaw in its forum software allowed an attacker to gain access to the server hosting its community. In a message posted by CEO Marcin Kleczynski, he said that there was no evidence of any personal data being stolen, but as a precaution it is forcing all users to reset their passwords. “We’ve also migrated our community away from our servers and on to a service hosted by Invision Power Board,” he...

A number of media websites have been defaced to display a message from hacktivists the Syrian Electronic Army (SEA).   According to media reports, The Independent, Telegraph, LA Times, CNBC & NBC, Boston Globe, Forbes and Business Insider were among those who came under attack, which the BBC reported was enabled by changing the DNS settings of the shared website provider.   The message related to Thanksgiving, and was accompanied by a message critical of...

The FinFisher surveillance software masqueraded as a benign bookmark manager, according to detection by the Detekt software.   According to the Register, developer Claudio Guarnieri said on Twitter that Detekt discovered the malicious toolkit and an unknown user uploaded the file to the Virus Total analysis engine. The malware was signed with a Comodo certificate signed by 'Jagdeependra' and not the author of the bookmark manager Outertech.   FinFisher is a cross-platform tool that can...

More businesses are appointing a chief information risk officer (CIRO) and it is expected to become a full-time professional position.   Andrew Fitzmaurice, CEO of Templar Executives, said that often the board do not see the benefit of information security until it is presented to them and they see that it can affect share prices and their corporate edge.   Therefore the “board level champion” position of the CIRO has emerged who has a CISO...

Shellshock was successful because of a failure on the first patch and the rush to install it. According to a blog by Imperva, hackers rapidly adapted the vulnerability into their exploit kits and their ongoing attack campaigns and while the original patch was proven ineffective, a second wave of exploits dovetailed into the first one. Barry Shteiman, director security strategy at Imperva, said: “This vulnerability is one of the best examples of the risk to...

Cyber criminals could be raking in profits 20 times greater than the cost of their attacks. According to research by Kaspersky Lab of the cost of the most frequently used hacker tools with the money stolen in a successful malicious operation, the money made can be significant. In the case of creating a phishing page that mimics a popular social network site, as well as setting up a spam mailing list that links victims to...