Editor's News

The Bank of England is to oversee an ethical hacking programme as part of a broader assessment of the reliability of its information security defences According to a report by the FT, this is part of an assessment of more than 20 major banks and other financial players in the UK and the scenarios will draw on intelligence reports of the latest threats from attackers and be overseen by Andrew Gracie, the director of the...

More than 3,000 signatures have been collected in a petition against the proposed sale of HMRC data. The petition, organised and hosted by the Open Rights Group, calls on the Government “to halt plans to sell personal tax data to private companies and researchers”. It says “anonymisation is not foolproof and it is my right to object to my information being shared in this way. Any access to my personal information held by the government...

The number of Brute Force attacks conducted on cloud and hosting environments rose by 14 per cent in 12 months, as attackers looked for vulnerable systems. According to research by managed service provider Alert Logic, the number of detected brute force attacks climbed from 30 per cent to 44 per cent of customers. Drawing data from 232,364 incidents, the statistics also showed that the number of vulnerability scans against data centres and hosting environments increased...

A spike in point-of-sale (POS) intrusions and the plethora of online identities have led to another year of data breaches.   Featuring data from 50 global organisations from 1,367 confirmed data breaches and 63,447 incidents, the seventh annual Data Breach Investigation Report (DBIR) from Verizon found that three threat patterns cover 72 percent of the security incidents in any industry: web application attacks; distributed denial of service (DDoS); and card skimming.   Speaking to IT...

A 19 year old Canadian student has been named as the first man to be charged with offences relating to the Heartbleed vulnerability.   According to CBC, Stephen Arthuro Solis-Reyes has been charged with stealing over 900 security security numbers, with one count of unauthorised use of a computer and one count of mischief in relation to data.   He had been threatened to be arrested in the middle of a class at Western University...

A number of companies have begun to issue “all clear” messages in regard to the Heartbleed flaw.   Following an issue regarding Akamai, where it issued an update where it admitted to having a bug where it could protect only three parts of a six-part RSA key, technology vendors have now begun issuing statements where they are stating that they have checked, certified and clarified that there are no issues.   In its statement, Dell...

The Heartbleed vulnerability is affecting devices as well as websites, with reports claiming that both routers and mobile devices could be affected by the flaw.   According to the Guardian, Cisco has confirmed that a number of its products are vulnerable, including desktop phones, video conferencing hardware and VPN software, while Belkin said that its routers, as well as those of its Linksys subsidiary, while neither Netgear nor BT have spoken publicly about whether or not their...

Tools being used to detect the OpenSSL vulnerability often contain bugs too.   According to research by CNS Security, methods for detecting whether your systems are affected have bugs themselves which is leading to false negative results.   Adrian Hayter, blogger and penetration tester at CNS Security, said: “I was called upon to perform checks against numerous systems during the week, and I noticed that some of the scripts would find a vulnerability whilst others...

The Heartbleed story took a major turn last night, as it was revealed that at least two websites have suffered breaches as a result of the vulnerability.   Canada’s CBC news reported that hundreds of Canadians had their social insurance numbers stolen from the revenue website due to the OpenSSL flaw, but it waited until Monday to make it public. “The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the...

Despite claims by the US Government that it was not aware of the Heartbleed vulnerability until it was made public, a news piece has claimed that the NSA knew about Heartbleed for at least two years.   The NSA tweeted a statement on Friday evening, saying that it “was not aware of the recently identified Heartbleed vulnerability until it was made public”. However Bloomberg said that the NSA knew about Heartbleed and regularly used it...