Editor's News

The US Department of Defence is requesting $5 billion in funding for cyber-related actions next year. In a document detailing the budget request, it is revealed that of a total budget of $496 billion – which is static from 2013 and 2-14 requests, cyber is highlighted as a key threat area, and a key aim will be to “continue to grow and train cyber mission forces”. Mikko Hypponen, chief research officer at F-Secure, pointed out...

Microsoft has said it would fight “tooth and nail in the courts” to avoid adding backdoors to its products. According to a panel debate, Scott Charney, corporate vice president for Microsoft’s Trustworthy Computing Group, confirm that the company had never been asked by the US Government to backdoor its products and would never willingly do it. He said: “Under the wiretapping statute in FISA, you can be compelled to provide technical assistance. But if they...

Israel has opened its first “citizen” enabling computer emergency readiness team (CERT).   Serving all civilian entities, the IL-CERT is now a legal registered entity and will compliment the existing Government and academic CERTs, but cover everything they do not, according to a founder who described himself as a "proud papa".   Iftach “Ian” Amit, consultant and original founder of Il-CERT, confirmed to IT Security Guru that the “constituency is basically everything in Israel that's not...

Following its plea at the recent annual report launch, the Information Commissioner's Office (ICO) is to receive extra funding.   According to BBC News, the extra cash will enable the ICO to be a key partner of the Data Retention and Investigatory Powers Act (Drip). The ICO will receive money to cover "extra duties imposed on him by the regulations," the Home Office said.   The law will require communications providers - such as internet...

A new campaign which targets banking websites and their users has been detected. Named ”Operation Emmental”, the research by Trend Micro, the effort sees attackers targeting banks which use session tokens sent through SMS messages, a concept commonly used in Austria and Switzerland. In the attack, if a user clicks on a malicious link or attachment, the malware changes the configuration of their computers then removes itself, having changed the computers’ DNS settings to point to...

Microsoft’s Internet Explorer browser has been the most vulnerable browser, but also the fastest to be fixed.   According to the endpoint exploitation trendsreportfrom Bromium, Internet Explorer received the highest number of patches in the first six months of 2014, while there were no reported zero-day exploits for Java in the first six months of 2014, after it suffered a torrid 2013.   Bromium’s analysis found that the number of vulnerabilities for Internet Explorer have...

Cross-site scripting (XSS) online archive XSSposed has reported that it has received 1,087 vulnerabilities on 692 vulnerable websites reported by 90 security researchers in its first month. An open, non-profit internet XSS archive where any security researcher can report a XSS vulnerability on any website, the authors said that the purpose of the project is to maintain a complete archive of XSS vulnerabilities on all possible websites and domains. It said that the idea of the project is to...

IT Security Guru is to host its first in a series of webcasts on Wednesday 30th July, with a look at how vulnerabilities have not made the world come to an end.   Hosted by editor Dan Raywood, and joined by speakers Lewis Henderson, Conrad Constantine and “Spacerogue” Cris Thomas, we will discuss the key question of “If there are so many vulnerabilities, why isn't the world on fire?”   With flaws having been revealed...

The iOS app for news channel CNN has a major vulnerability in a key user functionality.   According to research by Zscaler, the free app is the second most popular news app and ranks at number 165 among all free apps. However, included in its functionality is iReport which allows users to upload photos, video and narrative to contribute to CNN news reports.   This functionality includes the ability to register for an account by...

The Electronic Frontier Foundation (EFF) has announced plans to develop an open wireless router.   Specifically designed to support secure and shareable open wireless networks, the EFF said that this is a work in progress and is “intended only for developers and people willing to deal with the bleeding edge”.   It said that the software “aims to do several things that existing routers don't do well or don't do at all” and the ultimate solution...