Editor's News

Airline tickets for Delta can be altered with a simple URL change   According to research, you can simply change the URL of your boarding pass and get someone else’s boarding pass, even if they’re on a different airline. As well as a potential data privacy angle, this would allow any passenger to change to a different flight.   Tod Beardsley, engineering manager at Rapid7, said that this is a “classic information leak in web design”....

Only 570 of 40,000 European victims of ransomware paid the Bitcoin fee.   Infecting more than 40,000 systems in Europe, TorrentLocker started spreading in early 2014 and encrypted documents, pictures and other files on user’s device, with a demand of up to 4.081 Bitcoins to unlock it, around £950.   ESET's research found that 2.329 UK systems had been infected, and around ten per cent (up to 210) had paid the ransom. Commonly, the ransom...

A new bug in Linux has been detected which bypasses the “Wheel” group of advanced permissions. According to detection by Alert Logic, the bug is seasonally called “grinch” and impacts all Linux platforms, including mobile devices. Stephen Coty, chief security evangelist at Alert Logic, said that grinch exists in the new authorisation system that allows privilege escalation through Wheel; a user group that is used on Linux systems to control access to su (superuser) commands....

Two-thirds of former employees were able to access corporate data on cloud storage applications after leaving their last job, while one in four admitted that they would take corporate data with them when they left.   Research by Sailpoint of 1,000 office workers at large companies found these results, despite 60 per cent working under a rule that their former employer forbade ex-employees from taking IP after leaving the company.   Kevin Cunningham, president and...

Malware which targets more than 100,000 websites running the WordPress CMS has been detected.   Detected on Sunday morning when Google blacklisted over 11,000 which were redirecting to the domain SoakSoak.ru, therefore dubbed “SoakSoak” malware. Researchers at Sucuri said that the infections are not targeted only at WordPress websites, but it appears that the impact seems to be affecting most hosts across the WordPress hosting spectrum, reported The Hacker News.   As well as experiencing unexpected...

A global online resource to help coordinate international efforts in cyber security through sharing of information and best practice has been launched.   Helping to support decisions and investments that can significantly enhance safety and security in cyber space, the Cybersecurity Capacity Portal has been created by the Global Cyber Security Capacity Centre, part of Oxford Martin School at the University of Oxford.   The concept is to give policy-makers, Governments, agencies, international and regional...

An unspecified “Christmas present” awaits Sony Pictures, following releases of more personal information over the weekend.   The Guardians of Peace, hackers who have claimed responsibility for multiple releases and the initial attack in November, said in a Pastebin post that it was “preparing for you a Christmas gift”, reported Arstechnica.   The message read: “The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you...

The Government is to offer grant funding to enable universities offering cyber security qualifications, and enhanced opportunities for graduates.   Speaking at an event to mark the third anniversary of the launch of the UK Cyber Security Strategy, Cabinet Office Minister Francis Maude MP said that the new grant funding was being alloted for universities in Newcastle, Birmingham, London and Liverpool “to develop and demonstrate new resources to improve cyber security education, and learning”.  ...

GCHQ has released its Cryptoy tool as a free Android app. Originally designed by GCHQ for use by secondary school students and their teachers to learn about encryption, Cryptoy enables users to understand basic encryption techniques, learn about their history and create their own encoded messages. These can then be shared with friends via social media or more traditional means and the recipients can use the app to try to decipher the messages. An Android...

The Cyber Security Challenge has launched two new virtual competitions, backed by QinetiQ and Modux.   QinetiQ’s game “ Assignment: Read between the lines” will test candidates ability to perform network vulnerability analysis of an international company, and ascertain any potential threats from a suspicious file. Modux’s game “Assignment: Grab for Power” challenges competitors to protect the capital’s critical national infrastructure.   Both competitions will feature the fictitious hacker group Flag Day Associates, as the...