Editor's News

North American non-profit community organisation, Goodwill Industries International, has confirmed that a malicious attack on third-party systems impacted its retail members.   In a statement, Goodwill Industries International confirmed that a third-party vendor’s systems were attacked by malware, which enabled attackers to access some payment card data of a number of the vendor’s customers. The impacted Goodwill members used the same affected third-party vendor to process credit card payments.   Goodwill said a forensic investigation found that...

“One day wonder” websites, which are only online for 24 hours, are responsible for attack sources and for command and control purposes.   According to research by Blue Coat, the majority of websites used for malicious attacks are alive for only 24 hours. Its analysis of more than 660 million unique hostnames requested by 75 million users over a 90-day period earlier this year found that 71 per cent of the hostnames (470 million) were...

Domain name registrar Namecheap has claimed to have suffered a security incident at the hands of the Russian hackers CyberVor.   After its intrusion detection systems alerted it to a “much higher than normal load against our login systems”, it determined that the collection of stolen credentials detailed last month were to blame. In a statement it said that, upon investigation, it determined that the username and password data was gathered from third party sites, and was...

Apple has admitted that a very targeted attack on usernames, passwords and security questions was the cause of celebrity iCloud accounts being accessed.   In an advisory, Apple said that after more than 40 hours of investigation, the “practice that has become all too common on the internet” was the cause. It said: “When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are...

The success of the Backoff remote access Trojan (RAT) paints a very bleak picture of the state of point-of-sale security, according to Kaspersky Lab.   In an evaluation, Kaspersky Lab said that after sinkholing two servers, it has seen more than 85 victims connecting to its sinkhole, and its sinkhole covers less than five per cent of the command and control (C&C) channels.   “Taking into account the U.S. Secret Service statement, it's a pretty...

Malware which uses brute force tactics to try and gain access to user accounts has been blamed for the leaking of nude celebrity photos. According to The Next Web, intimate photos of actresses and singers were posted on the forum 4chan. Later, it reported that a piece of code was posted to code development website GitHub which repeatedly guesses passwords for the ‘Find my iPhone’ feature, using the 500 most common passwords approved by Apple....

The Europol European Cybercrime Centre (EC3), National Crime Agency and FBI have combined forces to launch the Joint Cybercrime Action Taskforce (J-CAT).   Coordinating and strengthening international investigations against cyber threats, the J-CAT will be led by Andy Archibald, deputy director of the National Cyber Crime Unit from the NCA, and will comprise a team composed of cyber liaison officers from committed and closely involved member States, non-EU law enforcement partners and EC3.   Archibald...

The Cyber Security Challenge UK’s new cyber security bootcamp, held at the Defence Academy in Shrivenham, is being delivered by a number of the UK’s most prestigious cyber defence companies including PWC, GCHQ and the National Crime Agency, to help attendees gain foundation skills and confidence to take their first steps into the cyber security profession. Today's assessment, devised by cyber security operatives from GCHQ, will see candidates take on the role of a cyber-team battling to overcome the threat of a cyber-terrorist group. Under the guidance of mentors from GCHQ...

Sparked by complaints that Microsoft’s online stores were full of fraudulent apps, Microsoft has removed 1,500 fake, fraudulent and misleading apps from its Windows and Windows Phone store. Todd Brix, Windows Store general manager said in a blog post “Earlier this year we heard loud and clear that people were finding it more difficult to find the apps they were searching for; often having to sort through lists of apps with confusing or misleading titles. We...

In a recent survey of IT experts, a fifth of those surveyed revealed that someone had downloaded Child Sexual Abuse (CSA) material at work. Of those, just 3.5% lead to criminal investigations and in the vast majority of cases (69%) nothing happened. According to NetClean, one in every 1,000 employees will look at CSA content at work. However, the majority of their survey respondents predicted this number at one in every million, which is seriously...