Editor's News

Of 50 websites scanned by DOSarrest’s vulnerability testing service, nine out of ten would fail this test. Sean Power, security operation center manager at DOSarrest said that 90 per cent of the websites it had tested on its vulnerability testing and optimisation (VTO) service would fail an initial test. He said: “It is not the case that 90 per cent of the websites are vulnerable to a severe flaw, but it is more likely to...

oday sees the launch of the National Crime Agency which will target physical and online forms of organised crime. Originally proposed as part of the government’s Cyber Security Strategy from two years ago, the plan then was for a cyber crime unit within the National Crime Agency that will build on the Metropolitan Police's eCrime Unit, giving police forces across the country the necessary skills and experience to handle cyber crimes. The new NCA said that the...

he revelation that Adobe had been attacked with source code hacked could lead to a raft of new zero-day vulnerabilities. Speaking to IT Security Guru, Dana Tamir, director of enterprise security at Trusteer, said that a concern about the source code is that it will give whoever has it chance to search and study it for new unknown vulnerabilities, that Adobe would not be aware of. She said: “This is a real concern as we are all...

A single supervisory authority should be making decisions around data protection to ensure a “one-stop-shop” mechanism. According to an update from the Council of the European Union, the majority of the member states agreed that one single supervisory authority should be competent for monitoring the activities of the controller or processor throughout the Union and taking the related decisions. It also agreed that in important transnational cases, a “one-stop-shop” mechanism should be established in order to arrive...

A UK-based security researcher has won the first $100,000 (£62,500) bounty from Microsoft for a mitigation bypass technique. Introduced in June this year to pay for techniques that bypass built-in OS mitigations and protections for defences that stop such bypasses, and for vulnerabilities in the beta of Internet Explorer 11, the Blue Hat prize has been awarded to James Forshaw, head of vulnerability research at Context Information Security. James Forshaw, head of vulnerability research at...

The European Cybercrime Centre (EC3) has announced that Raj Samani has been appointed as cyber crime advisor. Joining a panel of industry figures including Eugene Kaspersky, Brian Honan and Trend Micro’s Rik Ferguson, the division of Europol is involved in the investigating and liaison between the European Union member states and other agencies. Having been opened on New Year’s Day this year, it will be the focal point in the EU’s fight against criminal activity...

Among eight patches released yesterday by Microsoft, the zero-day in Internet Explorer was finally covered after in the wild attacks were reported. Released last night on its monthly Patch Tuesday, MS13-080 now patches two vulnerabilities that are in the wild and as described in Security Advisory 2887505, an attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer. Wolfgang Kandek, CTO of Qualys, said: “This fixes ten vulnerabilities, including CVE-2013-3893,...

Anti-virus firm Avast managed to deflect a potential attack that took down competitors as part of a DNS change. According to a blog by CEO Vincent Steckler, as several companies like AVG, Avira and WhatsApp apparently had their websites hacked by a new pro-Palestinian hacker group called KDMS Team, he confirmed that there was an attempt against the Avast website, but as it took immediate steps it was able to contain it. In the attack against other sites,...

The problems in mobile device management (MDM) were highlighted at an event in central London. Hosted by Context Information Security at its Context Oasis event, it revealed ways MDM can be bypassed or prove to be ineffective on iPhone and Android. Speaking at the event, Rob Sloan, head of response at Context said that “on the mobile side, the hacktivists know we’re here and they know what to go after”. The theme of the afternoon...

Security vendor Rapid7 has suffered at the hands of the hijackers who hit the DNS registrars of AVG and Aviva earlier this week. Initially confirmed this afternoon by CTO HD Moore on Twitter, a statement by the company said: “The DNS settings for Rapid7.com and Metasploit.com were changed by a malicious third-party. We have taken action to address the issue and both sites are now locked down. We are currently investigating the situation, but it...