Editor's News

Netflix has released two internally developed security applications, Scrumblr and Sketchy, that they use to monitor the Web for potential threats. The company released both applications on Monday as open source. Scrumblr is a web app developed in Ruby on Rails and enables their users to search the Internet for tailored content of interest. It includes a set of built-in libraries that inclue Facebook, Twitter and Google. Other sites can be monitored by creating plugins....

The FBI said it is trying to determine if a cyber-attack carried out early August 2014 on US bank JP Morgan, and four other financial institutions was in retaliation for sanctions imposed on Russia by Europe and the US. Reports from Bloomberg suggest that sensitive customer data was stolen as part of the breach. Amichai Shulman, CTO Imperva, explains why no initial financial loss indicates this attack could be politically motivated. “None of the people...

Verizon has developed a QR code login that allows users to scan a QR code on a participating website with their smartphone to gain access to the site or application in an attempt to bypass the security problems that arise as a result of authentication based on using usernames and passwords.   “Lost and stolen passwords remain the No. 1 way that systems are compromised,” said Tracy Hulver, chief identity strategist for Verizon. “We continue...

The security-as-a-service provider Proofpoint has uncovered a new Bitcoin phishing attack. Based on their research, Proofpoint detected 12,000 messages sent in two separate waves to more than 400 organisations across a variety of industries.   It seems that this phishing attack had non-Bitcoin users actually clicking on the link too as the campaign received a 2.7% click rate, much higher than the percentage of Bitcoin users in the general population. Blockchain.info, the most popular Bitcoin “wallet”...

According to Venafi, more than half of the companies on the Forbes Global 2000 list are still vulnerable to the Heartbleed flaw. This follows the recent data breach at Community Health System which exposed over 4.5 million patients’ personal details, which was reportedly down to the OpenSSL flaw. Richard Cassidy, senior security architect, Alert Logic explained why Heartbleed is still an issue 6 months on. “We know from our own research at Alert Logic that...

The ICO reports that highly sensitive information was insecurely handled by prisons across England and Wales for over a year, leading to a data loss at HMP Erlestoke. The penalty follows the loss of a back up hard drive in May 2013. According to the report, the hard drive contained information about 2,935 prisoners that included ‘details of links to organised crime, health information, history of drug misuse and material about victims and visitors.’ The...

Korea’s Joongang Daily has reported that hackers have accessed 220 million data records of 27 million people. The South Jeolla Provincial Police Agency said they arrested a 24-year-old man, known only by surname Kim, as well as 15 others. Kim is believed to have bought personal data of 220 million people, including the names, resident registration numbers, account names and passwords from a Chinese hacker he met in 2011. He is then thought to have used...

According to Imperva, web attacks originating from Las Vegas increased 130x during conferences Black Hat and Def Con. Where there would typically be 20 attacks originating from Las Vegas per day, during the conferences that number peaked at 2,612. The start of Defcon - which is also the final day of Black Hat – saw the number of attacks hit 1,916 on Aug. 7. On the final day of DefCon the number of detected attacks...

  Fewer than half of security professionals believe that the Target breach has had an impact upon their business.   In a survey conducted at the Black Hat conference in Las Vegas this month, 42 per cent of 215 respondents said that the Target breach had a greater impact on their security budgets. 31 per cent said the Target breach had a greater influence on their executives’ security awareness, more than the Snowden leaks or...

Logistics company UPS has admitted that it suffered a breach of user credit card data following a malware intrusion at 51 physical locations.   In a statement and letter to customers, president Tim Davis said that the malware was present at 51 locations of 4,470 franchised center locations throughout 24 states. Davis confirmed that as a response, it has implemented various system enhancements and antivirus updates and it worked with a security firm to eradicate...