Editor's News

Despite usually being distributed in spam and phishing emails, the Dyre/Dyreza malware has the same capabilities as a targeted attack.   According to Peter Kruse, partner and eCrime specialist at CSIS Security Group, even though Dyzera has been targeting US businesses primarily, it is now targeting the unpatched flaw in Microsoft Windows, and Kruse told IT Security Guru that this will make it a lot more efficient in compromising hosts.   He said: “Dyreza has proven to be a...

In a year that has seen major bugs affect SSL and servers, there is a role for businesses to play in being more proactive to identify and fix flaws. Speaking on an IT Security Guru webcast about “The next great threat to security”, CISO and GiveADay founder Amar Singh said that rather than Heartbleed, Shellshock and Poodle, what was more important than ever before was “the inability of most organisations to quickly and correctly respond to an...

Content management system Drupal has said that it is suffering “automated attacks” against websites running version 7 of its software.   The company previously offered a patch for a SQL Injection flaw, but it said in the advisory that the automated attack, which hit as many Drupal sites containing the vulnerability as quickly as possible, anyone who didn’t update to version 7.32 within seven hours of its release should assume they’ve been hacked.   In...

Mobile payments provider CurrentC has issued a warning to customers that “unauthorised third parties” obtained tester email addresses. The email addresses were “participants” in its pilot programme, or people who had requested information about CurrentC. It said: “Within the last 36 hours, we learned that unauthorised third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these email addresses were involved and no other information .”...

UK workers feel that their data is more secure in the workplace than at home, but one in ten is unaware if there is even an IT department at work. According to the survey of 2,000 employees by Varonis, 42 per cent feel that the data they handle is more secure at work, while 21 per cent said it was more secure at home. 54 per cent of UK respondents felt that their data is...

The US Computer Emergency Readiness Team (US-CERT) has issued a warning on the Dyre banking malware. It warned that, since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware, and elements vary from target to target including senders, attachments, exploits, themes, and payloads. “The Dyre banking malware specifically targets sensitive user account credentials,” it said. “The malware has the ability to capture user login information and send the...

London music venue 93 Feet East has confirmed it has stopped a process of storing scans of payment cards, after attendees complained about the privacy aspects of it.   Someone who had visited the venue told IT Security Guru that upon entering, their credit card details and photographs were taken at the door by the security staff and when asked what they did with the information, they were told that they “hold on to it...

The FBI has raided the home of a suspected “second leaker”.   The unnamed person, who had been suggested and confirmed in the Laura Poitras documentary “Citizen Four”, has apparently been identified by the FBI.   According to Yahoo news, the accused leaker turned over sensitive documents about the US Government's terrorist watch list to a journalist closely associated with ex-NSA contractor Edward Snowden. The FBI recently executed a search of the suspect's home and federal prosecutors in Northern...

A privacy initiative to address the surveillance menace and help build a stronger bridge between the technical and the policy worlds will begin in January.   Named Code Red, the think tank will work to accelerate reform of secret institutions and will provide support for whistle blowers in those domains, according to Privacy Surgeon.   It said: “Code Red will be a strategic think tank and campaign clearinghouse to provide new resources and tactical advice to...

More than three-quarters of security professionals believe that traditional perimeter tools like firewalls and anti-malware are robust enough to combat today’s advanced persistent threats (APTs).   According to a survey of 130 delegates at this year’s Black Hat USA conference, 78 per cent were confident in the strength of traditional technologies, while 22 per cent were not confident.   Philip Lieberman, CEO of Lieberman Software, said: “Our survey reveals that while the majority of organisations...