Editor's News

An attempt to gain access to Yahoo Mail accounts was thwarted. In a statement, Yahoo senior vice president of platforms and personalisation products Jay Rossiter, said that it identified “a coordinated effort to gain unauthorized access to Yahoo Mail accounts” and upon discovery “took immediate action to protect our users, prompting them to reset passwords on impacted accounts”. Yahoo said that while there is no evidence that the passwords used to try and access the accounts...

The 2014 board of directors have been announced by (ISC)2..   The 13-member board will provide governance and oversight for the organisation, grant certifications to qualifying candidates and enforces adherence to the (ISC)² Code of Ethics.   The new chair is Wim Remes, who brings 15 years of security experience to the position. Remes is a managing consultant at IOActive and was previously a manager of information security for Ernst and Young. He is also...

Software code development service Github has introduced a bug bounty programme.   The service, which serves both commercial and open source projects, will offer bounties up to $5,000 and be paid dependant on risk and potential impact to its users.   Launching the programme, it said in a blog post: “For example, if you find a reflected XSS that is only possible in Opera, which is two per cent of our traffic, then the severity...

A critical vulnerability has been discovered in the MediaWiki project web platform, the operation behind Wikipedia. According to research, version 1.8 onwards was vulnerable to a remote code execution (RCE) flaw, which would allow an attacker to gain complete control of the vulnerable web server. The detection by Check Point, was made to the WikiMedia Foundation who have issued an update and patch to the MediaWiki software. Prior to the availability of a patch for...

The Presidential State of the Union address briefly mentioned the Prism, NSA and surveillance controversy.   President Barack Obama said in his annual address on Capitol Hill in Washington DC that he will reform “our surveillance programs – because the vital work of our intelligence community depends on public confidence” and that “we do these things because they help promote our long-term security”.   Obama used the address to talk boisterously about economic growth, overseas military action, the...

Windows malware that can infect an Android mobile is real, but requires USB debugging to be enabled.   Research by Symantec found that a Trojan named Trojan.Droidpak drops a malicious DLL that downloads a configuration file from a remote server which parses a configuration file in order to download a malicious APK to the compromised device, as well as download necessary tools such as Android Debug Bridge (ADB). The ADB is a legitimate tool and...

In the latest version of Secured eCollaboration, Cryptzone has launched technology which allows organisations to search SharePoint to find encrypted content.   Delivering secure content without impeding searchability and collaboration, the company said that this allows encrypted content on SharePoint can only be searched and discovered by authorised users.   Utilising sophisticated approaches to key management and process whitelisting, Cryptzone said that as well as respecting the principle of the separation of duties, this prevents...

A 24-year old Russian national has been named as the creator and controller of the SpyEye Trojan.   Aleksander Panin pleaded to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of SpyEye. Panin, who was also known as “Gribodemon” and “Harderman,” pleaded guilty to conspiracy to commit wire and bank fraud.   SpyEye has infected over 1.4 million computers in the United States, and abroad, and collects personal...

A third of employees describe the security culture of their workplace as moderate or lax.   The survey of 755 British workers by Absolute Software found that 63 per cent of employees had a formal procedure in place to follow when a device is lost, and 30 per cent said that there are no personal penalties for losing the phone.   Stephen Midgley, vice president of global marketing at Absolute Software, said: “The desire for...

Free mobile applications apparently leak personal data which is collected by intelligence agencies the National Security Agency and its UK counterpart GCHQ, according to the Guardian.   Reports claim that both the NSA and GCHQ have developed capabilities to take advantage of "leaky" smartphone apps. The information, released by whistleblower Edward Snowden, is reportedly a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out...