Editor's News

Dropbox has squashed a bug which impacted shared links to files that contained hyperlinks.   According to a blog by Aditya Agarwal, vice president of engineering at Dropbox, it has taken steps to address this issue and users do not need to take any further action. He explained that in the instance, if a Dropbox user shared a link to a document that contained a hyperlink to a third-party website and recipient clicked on that hyperlink in the...

FireEye has agreed to acquire nPulse Technologies, adding further forensic analysis capabilities to its portfolio.   After acquiring Mandiant in January for $1 billion, FireEye said that this deal would see it combine the nPulse network forensics solution with its own security platform to deliver an enterprise forensics solution for visibility into the entire attack lifecycle, across both gateway and endpoint nodes.   With nPulse's capability to capture full packets at high speeds and index...

A third more UK businesses faced distributed denial-of-service (DDoS) attacks in 2013, with some attacks lasting up to two days.   According to research of 331 companies by Neustar, over 35 per cent more UK companies were hit by DDoS attacks in 2013 compared with 2012. It also found that there were a greater number of longer-lived attacks in 2013, with 28 per cent lasting up to two days. Also once attacked, there is a...

Only 40 per cent of retail and financial organisations feel that they could detect a data breach within a number of days.   According to research by Tripwire of 102 financial organisations and 151 retail organisations in the UK, 25 per cent of breaches go undetected for more than 24 hours, while 44 per cent admitted that their customer data could be better protected.   Speaking to IT Security Guru, Dwayne Melancon, chief technology officer...

Attackers can obtain access privileges and access protected data by using nothing more than knowledge of common Windows protocols, basic social engineering and readily available software.   According to research by Imperva, data breaches that are commonly associated with the “APT” theme are often achieved by relatively simple (and commonly available) means, using basic technical skills.   Amichai Shulman, CTO of Imperva, said: “There needs to be a fundamental shift in how we view APTs...

The board of directors of Target have removed Gregg Steinhafel as chairman and chief executive some six months after the major breach was reported.   According to Reuters, Target said that it wants new leadership to help restore consumer confidence in the retailer after the data breach affected around 70 million customers. A 35-year veteran of the company, Steinhafel had been CEO since 2008 and is now replaced him with Chief Financial Officer John Mulligan...

A new vulnerability in the open authentication framework OAuth is not the new Heartbleed, but it is affecting major websites.   According to Symantec, this is not the next Heartbleed, but it is a security flaw in the implementation of OAuth by service providers. Also named Covert Redirect, this takes advantage of third-party clients susceptible to an open redirect and requires an attacker to find a susceptible application as well as acquire interaction and permissions from...

CipherCloud has launched a free tool to give businesses visibility into all of the cloud applications in use across the organisation. According to the company, Cloud Discovery solution allows users to discover, analyse and risk score the different cloud applications being used by employees, including most-used and high-risk based on user access and volume – providing greater visibility and allowing them to take action where necessary. Paige Leidig, ‎chief marketing officer and senior vice president...

IT Security Guru announced the winners of its inaugural Infosec awards last night.   After asking attendees and exhibitors to nominate themselves via the IT Sec Guru Twitter account using the hashtag #GuruHigh5, we asked for nominations for the best stand, best newcomer, best giveaway, best speaker and most newsworthy vendor, the nominations were collected and the winners announced as the following:   Best stand – Pen Test Partners Best giveaway – Tripwire for the...

Despite Microsoft ending support for XP a month ago, Microsoft has announced that it has released an out-of-band patch to fix the zero-day flaw in Internet Explorer.   Dustin Childs, group manager of response communications at Microsoft Trustworthy Computing, said that it made the decision to issue the security update for Windows XP as even though it is no longer supported by Microsoft and it continues to encourage customers to migrate to a modern operating...