Editor's News

The US military is looking to hire 3,000 cyber security professionals over the next nine months. In an in order to boost resources at its Cyber Command armed forces infosec unit, the command's leaders recently successfully lobbied the US Government to rubber-stamp the hiring of 3,000 new workers to its 1100-strong workforce, which five years on is still not fully staffed. According to IT News, head of the Cyber Command, Admiral Mike Rogers, told a US House committee last week that...

Microsoft has released an advisory relating to the FREAK vulnerability, which affects its Secure Channel and all supported releases of Microsoft Windows. The company said that its investigation has verified that the FREAK (Factoring attack on RSA-EXPORT Keys) vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. “The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide...

Information security training is a journey, it takes time but standards demand capabilities. Speaking at the Think Charity conference in London, organised by the Charities Security Forum, (ISC)2 EMEA managing director Adrian Davis said that being part of the security profession gives you certain rights and responsibilities, but as we try to create more of a profession, we need to be aware of what is going on. “There is a 25 per cent growth in Europe...

The National Crime Agency has orchestrated the arrest of 57 people this week in relation to a range of cyber crimes. As part of UK-wide action against cyber crime, 57 people were arrested in 25 separate operations, which relate to a range of cyber criminality including: network intrusion and data theft from multinational companies and Government agencies; Distributed Denial of Service (DDoS) attacks; cyber-enabled fraud; and malware and virus development. The activity took place across...

Similarities between the Darkhotel and Carbanak attack data sets has been detected whilst defining the malicious language of DNS traffic. According to research by OpenDNS and Fox-IT, the “update-javanet” domain was used for command-and-control in both the Anunak and Carbanak attack campaigns. OpenDNS Security Labs builds predictive models by mining its DNS data infrastructure for data about attacks to uncover patterns within, in order to track adversarial groups and block domains related to their activities....

Global hotel chain Mandarin Oriental has confirmed that its hotels have been affected by a credit card breach. In a statement to security blogger Brian Krebs, it confirmed that is was “currently conducting a thorough investigation to identify and resolve the issue”. It said: “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary...

766 cloud services are still at risk to the4 FREAK vulnerability, 24 hours after details of it were made public. According to analysis data from Skyhigh Networks of 10,000 services, 766 cloud services are still at risk. Nigel Hawthorn, EMEA director of strategy at Skyhigh Networks, said that if the website or cloud service is built around Apache, then FREAK is a serious vulnerability. “Until patches are made, it’s a case of pitting 90s technology...

The delay in patching the FREAK flaw will not cause users problems, particularly as there is currently no evidence of any exploits.   In an email to IT Security Guru, TK Keanini, CTO of Lancope said that proper exploitation of this flaw is difficult because there are multiple requirements for the attacker, unlike other vulnerabilities where all they needed to do was run the exploit.   “For this reason, I don't think the delay is a bad...

Cyber is the only area of the National Security Strategy to show efficient evidence of defence spending.   According to the Government’s six-monthly Strategic Defence and Security Review (SDSR), funding decisions on conventional defence and cyber capabilities must reflect the need for deterrence.   The report claimed that after cyber security was deemed to be a tier one risk in 2010, and with a 20 year timescale for the National Security Strategy, spending on climate...

A fresh SSL vulnerability has been detected, which allows attackers to intercept HTTPS connections.   Name FREAK (Factoring attack on RSA-EXPORT Keys), it intercepts vulnerable clients and servers and forces them to use ‘export-grade’ cryptography, which can then be decrypted. Specifically vulnerable are Apple and Google browsers, according to researchers who uncovered the flaw.   With many Google and Apple devices vulnerable and a patch due from Apple next week, the details of the flaw...