Editor's News

Gemalto has said that an initial investigation into alleged hacking of its SIM keys by intelligence agencies appears to be true. In a statement following the revelations by The Intercept that GCHQ and NSA hacked into SIM keys to bypass encryption to monitor use, Gemalto has said that the investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 “give us reasonable grounds to believe...

The time being taken to detect breaches has reduced year-on-year. According to the M-trends report from FireEye, despite one organisation being breached for over eight years, the time it takes organisations to detect that they have been compromised has dropped to 205 days in 2014, down from 229 days in 2013 and 243 days in 2012 Yet the report said that it is becoming harder for organisations to detect that they have been breached, with only...

Sir Malcolm Rifkind has announced that he plans to step down as an MP and resign from his role as chairman of the Intellgence and Security Committee. In a statement, Rifkind said that he is to step down at the next election despite the “tremendous support from my constituency association and from many constituents in Kensington over the last two days”. Rifkind was alleged to have offered his services to a private company after being...

Privdog has announced that is has released a fix for a security issue found in the third party library Calling the threat level “low”, an advisory said that a “minor intermittent defect” was detected in a third party library used by the PrivDog standalone application, which potentially affects a very small number of users. It said: “This potential issue is only present in PrivDog versions, 3.0.96.0 and 3.0.97.0. The potential issue is not present in...

Software named PrivDog will intercept every certificate and replace it with one signed by its root key, according to research.   That includes certificates that weren't valid in the first place. “It will turn your browser into one that just accepts every HTTPS certificate out there, whether it's been signed by a certificate authority or not,” researcher Hanno Böck said.   As well as that, it directs to a webpage that has a self-signed certificate and...

Lenovo has released an automated tool to remove the Superfish tool and is working with security firms to quarantine the certificate quarantined.   According to a statement, Lenovo has tasked Intel Security (formerly McAfee) and Symantec to remove the rogue software, which was accused of stealing web traffic using fake, self-signed, root certificates to inject advertisements into sessions, and monitoring user activity with man-in-the-middle attack techniques to crack secure connections.   Lenovo said that it...

Gemalto has said that it especially vigilant against malicious hackers and is unable to prove a link between past hacking attempts and what has been recently reported.   In a statement, the SIM card manufacturer said that reports were incorrect that attacks were targeted at Gemalto, and instead efforts were made “to try and cast the widest net possible to reach as many mobile phones as possible”.   It said it was unable to verify...

Raytheon UK designed and hosted a simulated cyber terrorist strike on Saturday at London’s iconic BT Tower.   In a bid to unearth new talent to defend the UK against growing cyber threats, the online battle, part of the Government-backed Cyber Security Challenge UK, tested some of the UK’s finest amateurs and their ability to defend physical infrastructure from sophisticated cyber-crime groups.   With a performance assessed by experts from Raytheon UK, GCHQ, the National...

Software provider Superfish has said it stands by claims made by Lenovo, that there is nothing malicious about its product.   In a statement to sent IT Security Guru, Superfish CEO Adi Pinhas said that the company is standing by the comments made by Lenovo, and confirmed that Superfish has not been active on Lenovo laptops since December.   He said: “It is important to note  Superfish is completely transparent in what our software does...

Intelligence agencies from the USA and UK hacked into the internal computer network of the largest manufacturer of SIM cards in the world, to steal encryption keys used to protect the privacy of cellphone communications across the globe.   According to documents provided to The Intercept by whistleblower Edward Snowden, the hack was enabled by a joint unit consisting of operatives from the NSA and GCHQ and gave the surveillance agencies the potential to secretly...