Editor's News

The masterclass of the fifth Cyber Security Challenge is underway in London. Held on HMS Belfast, the 42 finalists are facing a challenge against the fictional terror group Flag Day Associates, who have taken control of the warship's guns and are pointing them at London's City Hall. The six teams are operating against each other in a test of both soft and technical skills. Cyber Security Challenge CEO Stephanie Damon called this the “most ambitious challenge ever”...

Compliance with payment security features of the PCI data security standard (DSS) dropped significantly in 2014. According to the 2015 PCI Compliance Report, 80 per cent of businesses fail their interim PCI compliance assessment, while less than a third (28.6 per cent) of companies had maintained full compliance within a year of validation, and no more than 74 per cent had sustained compliance with any individual Requirement. Based on four years of data and including...

A survey of “unsafe” applications has found that 85 per cent expose sensitive device data, and a third perform suspicious security actions. The survey of 400,000 mobile applications by Veracode, found that 140,000 were deemed to be unsafe, and a third (37 per cent) checking to see if the device is rooted or jailbroken and another third (35 per cent) retrieve or share personal information about the user such as browser history and calendars. Speaking...

Malware that can successfully outwit the CAPTCHA image recognition system has been detected. According to Kaspersky Lab, the Trojan-SMS.AndroidOS.Podec has developed a technique to convince CAPTCHA that it is a person in order to subscribe thousands of infected Android users to premium-rate services. Initially detected in late 2014, Podec automatically forwards CAPTCHA requests to a real-time online human translation service that converts the image to text using an online image-to-text recognition service and within seconds,...

Microsoft released 14 patches on its third monthly Update Tuesday, to include critical patches for the FREAK flaw and Internet Explorer. With five critical patches released in total, to address a total of 44 vulnerabilities in all, experts recommended patching MS15-018 first, the bulletin for Internet Explorer. Trustwave's Karl Sigler said that Internet Explorer accounts for fifteen of the vulnerabilities, the majority of which are memory corruption bugs, the worst of which could result in...

Private investment firm Bain Capital has announced it is to acquire security vendor Blue Coat Systems in an all-cash transaction valued at approximately $2.4 billion. Blue Coat were acquired by investors Thoma Bravo for $1.3 billion in 2011, and completed the acquisition of Norman Shark in 2013. The transaction is expected to close during the first half of 2015. Gregory S. Clark, chief executive officer, Blue Coat Systems, said: “The world’s most trusted brands use...

The enforcement activities of the Information Commissioner’s Office (ICO) have increased over the past three years with a marked shift away from headline grabbing financial penalties in favour of more subtle and sophisticated enforcement tools. According to PwC’s Privacy and Security Enforcement Tracker, the number of enforcement notices have quadrupled in the last two years alone while the number of businesses criminally prosecuted has risen significantly, from seven in 2013 to 18 in 2014. Stewart...

The CIA has conducted a sustained effort to break the security of Apple’s iPhones and iPads.   According to top-secret documents obtained by The Intercept, the effort took place over several years where researchers targeted security keys used to encrypt data stored on Apple’s devices, and ultimately penetrate Apple’s encrypted firmware.   The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors...

Whilst wearable technology and Internet of Things (IoT) are popular, security concerns are often ignored for convenience. Speaking to IT Security Guru, Dan Lamorena, senior director of HP Software Enterprise Security Products, admitted that despite there not having been a major incident yet regarding IoT or wearable technology, there are vulnerabilities inside whilst there is plenty of focus on getting products to market. “I am sure this is an area of concern and we are finding...

Feminist blog Femsplain.com came under a Distributed Denial-of-Service (DDoS) attack on International Women’s Day. Whilst the opportunity was taken to celebrate women’s achievements and contributions to society, the blog founder Amber Gordon said that the site had suffered DDoS attacks in the past, but never with such severity as the one experienced yesterday, reported Graham Cluley on welivesecurity. “I think it’s because it’s International Women’s Day,” she told The Verge. However Femsplain used the attack to...