Editor's News

Shellshock was successful because of a failure on the first patch and the rush to install it. According to a blog by Imperva, hackers rapidly adapted the vulnerability into their exploit kits and their ongoing attack campaigns and while the original patch was proven ineffective, a second wave of exploits dovetailed into the first one. Barry Shteiman, director security strategy at Imperva, said: “This vulnerability is one of the best examples of the risk to...

Cyber criminals could be raking in profits 20 times greater than the cost of their attacks. According to research by Kaspersky Lab of the cost of the most frequently used hacker tools with the money stolen in a successful malicious operation, the money made can be significant. In the case of creating a phishing page that mimics a popular social network site, as well as setting up a spam mailing list that links victims to...

The Australian Government has rolled out a network to enable reporting ot cyber crime fraud and incidents. Named ACORN (Australian Cybercrime Online Reporting Network),it will enable the public to report cases of cyber crime and also offer information to the public on how to avoid such attacks, reported lT News. ACORN is being positioned as a “national policing initiative" and Justice Minister Michael Keenan said police at federal and state levels would for the first...

An open letter has been sent to the National Institute for Standards and Technology (NIST) and copied to the White House asking for secure and resilient encryption standards to be built.   Signed by 19 organisations, including the EFF, Liberty Coalition, New America's Open Technology Institute, Electronic Privacy Information Center (EPIC) and vendors including Silent Circle and Cloudflare, it calls for development “free from back doors or other known vulnerabilities”, and calls on NIST to...

Sony Pictures Entertainment instructed employees not to connect to corporate networks or email after it suffered a major hacking incident.   The company network was affected with company PCs featuring an image saying “We have obtained all your internal data including secrets and top secrets”.   According to Deadline, the computers in New York and around the world were infiltrated by a hacker, and a source said that it is “down, completely paralysed”   In...

Between 2008 and 2014, there were over 700 prosecutions under the Computer Misuse Act. Revealed under a Freedom of Information Act request by Cordery, there were 702 prosecutions by the Crown Prosecution Service (CPS) in a six year period for the four charges of: unauthorised access to computer material; unauthorised access with intent to commit or facilitate the commission of further offences; unauthorised acts with intent to impair, or with recklessness as to impairing, the...

Regin was spotted twice before yesterday's revelations, claim researchers. Following yesterday's announcement about the detection of the sophisticated surveillance backdoor Trojan ‘Regin’ by Symantec, researchers at both Kaspersky Lab and F-Secure have claimed that they were both aware of the threat. Kaspersky said in its research that it was contacted in spring 2012 by a researcher who mentioned Regin when analysis was being done of the Duqu malware. Kaspersky said that it has been tracking the threat for the...

Malware which has spied on international targets for more than six years has been detected. According to research from Symantec, “Regin” is a back door-type Trojan with a high degree of technical competence, including a powerful framework for mass surveillance. Its capabilities include several Remote Access Trojan (RAT) features, including: capturing screenshots, taking control of the mouse’s point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files. “It is likely that its development took months,...

More effort needs to be put into apprenticeships and paid internships to boost recruitment opportunities. Speaking at the Cyber Security Summit in London, Judy Baker, chair and founder of the Cyber Security Challenge, said that the education system is not delivering for the industry, and challenged the industry to support careers fairs and pass information on about jobs as she hears from candidates that having entered a competition, they “finally get it”. She said: “Stretching...

After CryptoLocker and CryptoWall collected millions of dollars from its victims, warnings have been made that ransomware is proliferating through new attack vectors.   According to a report by Bromium, tactics such as malvertising, anti-analysis and persistence techniques to ensure system compromise are now being used, as well as advanced encryption algorithms.   Previously, a primary strength of crypto-ransomware was its ability to use well-known and reputable crypto libraries to perform encryption, and early families...