Editor's News

Businesses and Governments who have developed cyber espionage tools are turning to them for business advantage, and often require them as part of everyday business.   Stephen Bonner, partner in the information protection and business resilience at KPMG, told IT Security Guru that once a rogue nation of business has built a cyber espionage tool, it becomes cost effective to use it for other things.   “We've seen this with hostile bids for access to something, such as...

A variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection from Web browsers and anti-virus systems.   According to a blog by Comodo, this new variant of the banking Trojan combines a legitimate digital signature, malware component and a rootkit. The digital signature assures browsers and anti-virus, but Comodo warned that with this “approval”, businesses are much less likely to take action or will give lower levels...

Microsoft will release four bulletins next Tuesday, two of which are rated as critical and two rated as important.   On the day when the final patches are released for Windows XP and Office 2003, these updates address issues in Microsoft Windows, Office and Internet Explorer.   Among the fixes is MS14-017 which fully addresses the Microsoft Word issue first described in Security Advisory 2953095, after an emergency fix was issued in late March. “Once the...

Experian has denied that its database was compromised, and that reports claiming 200 million records were breaches are “false and that the actual number is much lower”.   In a blog, Gerry Tschopp, senior vice president of public affairs and public relations for Experian North America, said that the information about Experian circulating in news outlets and other websites is inaccurate.   The story was revealed by Brian Krebs last year. He said that an...

Only nine percent of 500 IT decision makers feel that they are safe from the “insider threat”!   According to research by Vormetric, 42 percent acknowledge that it is ‘privileged users’ that pose the biggest risk to their organisation, while 47 percent admit to finding insiders more difficult to detect.   However with 91 percent of the respondents admitting to feeling unsafe, Alan Kessler, CEO for Vormetric, told IT Security Guru that he could not...

The UK Government has signed a deal with Microsoft to provide Windows XP support and security for 12 months after support ends next week.   According to Computer Weekly, the agreement is worth £5.548 million, and covers 'critical' and 'important' security updates for Windows XP, as well as Office 2003 and Exchange 2003, which also go out of support next Tuesday.   "Plans are already in place for organisations to migrate to other operating systems...

More than 24 million vulnerable home routers are exposing internet service providers to DNS-based amplification attacks. According to Nominum, in February 2014, over 5.3 million normal home and office routers were secretly used by hackers used to generate attack traffic, accounting for 70 per cent of DNS-based DDoS amplification attacks. A simple attack can create 10s of Gbps of traffic to disrupt provider networks, enterprises, websites, and individuals anywhere in the world, according to the...

  Proper career paths need to be identified and built in order for the next generation of security professionals to achieve them.   Speaking to IT Security Guru, Adrian Davis, managing director for EMEA at (ISC)2 said that the challenge with working in the security industry is that often, there is no clear career path on how to get from a masters degree in computer science to a job.   “If you think about other...

Two banks have dismissed their legal claims against managed service provider Trustwave and retailer Target following the massive breach reported last year. Green Bank issued the dismissal on Monday, stating that Trustwave nor Target had been served with summons, and neither had filed an answer or motion for summary judgement. “Green Bank hereby dismissed their claims without prejudice to re-filling pursuant to Federal Rule of Civil Procedure,” it said. Trustmark National Bank issued a similar...

BSides London has announced renowned industry speaker Trey Ford as its keynote speaker, as it opens the voting for its 2014 talks. Ford, who was the chief organiser for the annual Blackhat conference in Las Vegas and is currently global security strategist at Rapid7, will present on the current proliferation of malware and other threats and discuss tactics for detection and containment.   With a month to go, BSides London has closed its content for...