Editor's News

The widely reported Xen hypervisor flaw was “media hype” that over exposed a flaw that was not as critical as claimed. Speaking to IT Security Guru at the Black Hat Europe in Amsterdam, Rafal Wojtczuk, security researcher at Bromium said that the revelation of the vulnerability was “really not that interesting” as it was not that critical as the virtual machine can trigger the buffer, and the impact is that there is some data leakage...

FBI director James B. Comey has said that national threats require a “national conversation”, particularly as it is struggling to keep up with developments in technology and the ability to surveil and collect data. In a speech given at the Brookings Institution in Washington DC, the FBI director marked his first 13 months in the job saying that there are a lot of misconceptions in the public eye about what the Government collects and the...

The capability to take control of a mobile device and install malware can be done by simply plugging it into a fake charging station. Speaking at the Black Hat Europe conference, Andre Pereira said that while the trend for use of smartphones has increased, it also exposes our information. He highlighted the Android operating system and said that its customisation capability one was one of its benefits, and as vendors add their own software it...

Data transmission from a printer can be captured from 1200 metres away, according to the results of an experiment. In the opening keynote at this year's Black Hat Europe in Amsterdam, cryptographer Adi Shamir detailed an instance where it was possible to scan a printer from a distance of 1200 metres. Shamir said: “Previously, secrets were kept in file cabinets in buildings so you needed a human spy. Today, all secrets kept in cabinets need...

Microsoft released three critical patches last night, including a fix for the flaw being exploited by the sandworm gang.   As part of what it now calls Update Tuesday, Microsoft said in an advisory that the three critical-rated and five important patches will address 24 Common Vulnerabilities and Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET and Internet Explorer. “We encourage you to apply all of these updates, but for those who need to prioritise deployment planning, we recommend focusing...

The Joint Cybercrime Action Taskforce (J-CAT) is working on building an encryption system to better enable sharing of threat information.   Speaking at the ISSE Conference in Brussels, Troels Oerting, head of the European Cybercrime Centre (EC3), said that more of a dialogue is needed, and efforts are being made to build an encryption system to encrypt and minimise what data is shared.   Oerting told IT Security Guru that this is an algorithm it is...

A fresh attack vector against SSL has been detailed, but analysts are mixed on the severity of the POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw. After it was rumoured to be disclosed yesterday by the Register, it was later detailed as revealing a vulnerability in the way that SSL v3 uses ciphers and allows an attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data, and doesn't require such extensive control of the format of...

Bad password management costs businesses up to £130,000 and a year in lost productivity. According to research by Centrify, of 2,000 UK and US participants, it found that the average employee wastes £261 a year in company time on trying to manage multiple passwords, which for a company with 500 staff is a loss of more than £130,000 a year. Barry Scott, EMEA chief technology officer for Centrify, told IT Security Guru that the concept was...

A vulnerability which affects all versions of Microsoft Windows is being used in a Russian cyber-espionage campaign which targets NATO, the European Union and critical sectors. According to research by iSIGHT Partners the vulnerability, which impacts all supported versions of Microsoft Windows and Windows Server 2008 and 2012, and a patch will be made available today. The research found that exploitation of the vulnerability was discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners attributed...

A greater proliferation of online service is enabling cyber criminals, but that is not being met with equal online law enforcement. Speaking at the ISSE 2014 Conference in Brussels, Troels Oerting, head of the European Cybercrime Centre (EC3) and assistant director of Europol's Operations Department, said that we need greater collaboration across the world as cyber criminals are not focused on territory. He said that in the Danish police, he had the authority to use...