Editor's News

Microsoft released its lightest patch bundle in over a year last night, addressing four important issues in Windows, Office, and Dynamics AX.   Despite only being rated as important, Microsoft rated MS14-002 as the priority, as this addresses a publicly known issue in the Windows Kernel.   Ross Barrett, senior manager of security engineering at Rapid7, said: “MS14-002, addresses the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back...

As the holiday season produces massive volumes of data on consumer spending trends, the global information experts at the NPD Group are benefitting from unprecedented transparency into data access and usage.   The reason is technology from Varonis Systems, a provider of software solutions for unstructured, human-generated enterprise data. The NPD Group relies on Varonis DatAdvantage to monitor, analyse and manage who has access to the company’s valuable data, and to successfully limit security exposure, meet...

The UK Government has launched the ‘Cyber Streetwise’ campaign in an aim to provide the public and businesses with the skills and knowledge they need to take control of their cyber security.   Described as an aim to “measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses”, Cyber Streetwise is an interactive website explaining how businesses can enhance security. Included is guidance on securing websites, shopping safely online and...

OWASP has admitted that it could not “sit by idly and zip our mouths shut” and opted for the decision to pull out of a marketing agreement with RSA Conference.   Speaking to IT Security Guru, OWASP board member Eoin Keary said that the decision was not taken lightly and after five days of “heated debate”, the view was that the benefit to people attending the classes and the association and involvement that OWASP had...

Security vendors have been accused of being too “myopically focussed” on their own solutions, when they should have a wider perspective on what IT managers need. Barmak Meftah, president and CEO of AlienVault, told IT Security Guru that vendors should “put themselves in the shoes of IT” and look to simplify solutions to make them consumable and usable. “This is a simple mission to make security analytics easy to digest,” he said. “Too many companies...

Microsoft has had a further two Twitter accounts hacked by the Syrian Electronic Army.   After the hacktivists hit the account of Skype last week and posted anti-Government and anti-Microsoft comments, now the Twitter accounts of the gaming console Xbox and its own news feed have been taken over.   Attackers took over the @MSFTnews and @XboxSupport accounts on Saturday and posted various messages hash-tagged “SEA”, according to the Register. Although the messages are no...

The United States is to reintroduce the Personal Data Privacy and Security Act   After a series of data breaches, including the 70 million records breached by Target, senator Patrick Leahy said that such breaches are “a reminder that developing a comprehensive national strategy to protect data privacy and cyber security remains one of the most challenging and important issues facing our nation”.   He said in a statement that the reintroduction of the Personal Data...

  The open web application security protocol (OWASP) board has announced that it is to cancel its marketing agreement with RSA Conference, as well as a planned training programme.   In an announcement on the OWASP discussion board, Michael Coates, chair of the OWASP Board, said that OWASP would terminate the co-marketing agreement with RSA for RSA 2014. “This may place our training at risk, but if permitted we will still provide the free training...

Microsoft will release its lightest Patch Tuesday next week, with only four patches released.   Covering vulnerabilities in Windows, Office and Dynamics AX, all three are rated as “important”. The Office patch affects a remote code execution issue, the two Windows patches are both for elevation of privilege and the Dynamics AX is for a denial of service flaw.   Wolfgang Kandek, CTO of Qualys, said it expects one of the Windows patches to address...

Hackers were able to use the Amazon cloud in order to scrape data from LinkedIn profiles.   According to Arstechnica, the hackers employed a raft of techniques designed to bypass anti-scraping measures built into the network, including the creation of huge numbers of fake accounts. They also circumvented security measures that are supposed to require end-users to complete bot-defeating CAPTCHA dialogues when potentially abusive activities are detected.   Because of this, LinkedIn is suing the attackers over...