Editor's News

Greater transparency of surveillance activities is to be introduced by the NSA, while the duration personal information can be held is to also be introduced.   Delivering a speech on Friday on the NSA, President Obama said that it will review decisions about intelligence priorities and sensitive targets on an annual basis, so that its actions are regularly scrutinised by the senior national security team.   As well as this, a new Presidential directive will...

Security B-Sides London will return to the UK in 2014, to be held on Tuesday the 29th April.   Under the banner of “Connecting People & Agents of All Kinds”, the community-driven event will again be held at Kensington Town Hall. Past speakers at B-Sides London have included penetration testers, industry analysts and leading consultants from the information security space.   Security B-Sides London welcomes all content for presentation ideas from prospective speakers; talks are...

Neiman Marcus President and CEO Karen Katz has formally apologised in a letter to customers.   Saying that the group deeply regrets the incident and it was “very sorry that some of our customers' payment cards were used fraudulently” and that it “remains steadfast in our commitment to delivering exceptional customer service”.   Its continuing forensic investigation found the intrusion on the 1st January after it was informed of potentially unauthorised payment card activity which...

Malware named “Black POS” was not flagged by more than 40 commercial anti-virus tools, explaining why it was able to infect Target’s point of sale system.   According to security blogger Brian Krebs, a source said that the POS malware was installed in Target’s environment around November 27th, and it was customised to avoid detection and for use in specific environments.   He said: “That source and one other involved in the investigation who also...

Target CEO Gregg Steinhafel has admitted that there was malware on its point-of-sale (PoS) systems.   In an interview with CNBC, Steinhafel said that while it did not know the full extent of what transpired, it had established the malicious compromise. According to Sophos’ Naked Security blog, credit card data is not encrypted all of the time, even on PCI-DSS compliant systems, instead it is briefly unencrypted inside the PoS terminal itself.   Writing on...

Microsoft released its lightest patch bundle in over a year last night, addressing four important issues in Windows, Office, and Dynamics AX.   Despite only being rated as important, Microsoft rated MS14-002 as the priority, as this addresses a publicly known issue in the Windows Kernel.   Ross Barrett, senior manager of security engineering at Rapid7, said: “MS14-002, addresses the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back...

As the holiday season produces massive volumes of data on consumer spending trends, the global information experts at the NPD Group are benefitting from unprecedented transparency into data access and usage.   The reason is technology from Varonis Systems, a provider of software solutions for unstructured, human-generated enterprise data. The NPD Group relies on Varonis DatAdvantage to monitor, analyse and manage who has access to the company’s valuable data, and to successfully limit security exposure, meet...

The UK Government has launched the ‘Cyber Streetwise’ campaign in an aim to provide the public and businesses with the skills and knowledge they need to take control of their cyber security.   Described as an aim to “measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses”, Cyber Streetwise is an interactive website explaining how businesses can enhance security. Included is guidance on securing websites, shopping safely online and...

OWASP has admitted that it could not “sit by idly and zip our mouths shut” and opted for the decision to pull out of a marketing agreement with RSA Conference.   Speaking to IT Security Guru, OWASP board member Eoin Keary said that the decision was not taken lightly and after five days of “heated debate”, the view was that the benefit to people attending the classes and the association and involvement that OWASP had...

Security vendors have been accused of being too “myopically focussed” on their own solutions, when they should have a wider perspective on what IT managers need. Barmak Meftah, president and CEO of AlienVault, told IT Security Guru that vendors should “put themselves in the shoes of IT” and look to simplify solutions to make them consumable and usable. “This is a simple mission to make security analytics easy to digest,” he said. “Too many companies...