Editor's News

The annual Mobile Pwn2Own contest has ended in Tokyo, with 11 bugs revealed in all. Yesterday, bugs were revealed in the Apple iPhone 5S, Samsung Galaxy S5 and LG Nexus 5 and the Amazon Fire phone. The Galaxy S5 flaw in its Android OS was discovered by UK researcher Jon Butler from MWR Infosecurity which targeted a local error in WiFi connection over a short distance. Ian Shaw, Group MD of MWR InfoSecurity, said MWR...

Just one hour of a DDoS attack can cost upwards of £30,000.   According to a report by Incapsula, the average cost of one of these types of attacks costs companies an average of £400,000, and 49 per cent of those studied can last between six and 24 hours. However 86 per cent of respondents said that they last for up to 24 hours.   The survey of 270 North American businesses found that almost half (45...

Browser testing service BrowserStack has admitted that an attacker hit a server that was vulnerable to the Shellshock bug. In the incident, an attacker was able to gain unauthorised access to some users’ registered email addresses and send an email claiming that BrowserStack would be shutting down, but reached fewer than one per cent (estimated 5,000) of users. In the statement by co-founder Ritesh Arora and Nakul Aggarwal, they said that the targeted server (run on Amazon Web Services)...

Civil society organisations (CSOs) are being bombarded with the same persistent and disruptive targeted cyber attacks which hit industry and Government. According to a report by Citizen Lab, and the Munk School of Global Affairs at the University of Toronto, CSOs who work to protect human rights and civil liberties around the world are attacked heavily, yet have far fewer resources to deal with the problem and rarely receive the same attention as the former. The report...

Microsoft has admitted that one of the critical patches that it released last night is being exploited and actively attacked. With some claims that the impact upon unpatched could be as serious as the Heartbleed bug from earlier this year, Microsoft and experts are urging users to patch MS14-064 as a priority. The flaw, in Windows Object Linking and Embedding (OLE), could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. All supported...

Microsoft released 14 security updates last night, nine of which were rated as critical. Addressing 33 Common Vulnerabilities and Exposures (CVEs) in Windows, Internet Explorer, Office, .NET Framework and Remote Desktop Protocol. Russ Ernst, director of product management at Lumension, said: “While we enjoyed a relatively low number of patches each month so far this year, November definitely takes a big jump up with 14 total bulletins released today: four are critical, eight important and...

A survey of 500 IT professionals has revealed that over a third were to be personally compromised if they were to lose their mobile device.   The survey, carried out at IP Expo by ESET, found that 39 per cent said that if they were to lose their phone, some of the photos and information they have stored on the device could compromise them. Also, 46 per cent of respondents admitted that if they were to...

The US Postal Service (USPS) has reported a cyber attack which affected both employee and customer data. In a statement, David Partenheimer from the USPS media relations group said that after it learned of the cyber security intrusion into some of its information systems, it began investigating the incident. “The intrusion is limited in scope and all operations of the Postal Service are functioning normally” he said. “Information potentially compromised in the incident may include personally...

A list of 3.8 million iTunes accounts has been dismissed as not being genuine.   Featuring email addresses and passwords, the list was only online for a short time but was available via cached page. People on the list contacted by IT Security Guru did not respond to emails.   Steve Lord, technical director of Mandalorian, told IT Security Guru that it was hard to substantiate if they were genuine or not, but offered some doubt as...

Pizza Hut has revealed that it suffered a year-long malware campaign which hit point of sale (PoS) systems.   The campaign, which hit the Hut last year, also caused order transmissions to fail. According to IT news, 60 of its 300 Australian stores suffered varying amounts of downtime as a result of 'steadily increasing' malware infections over the12-month period.   A report by Webroot said that the infection caused trade to be halted for up to...