Editor's News

Microsoft has expanded its bug bounty programs to allow more people to submit flaws and has announced it is willing to pay $100,000 for new mitigation bypass techniques. In a statement, Katie Moussouris, senior security strategist at Microsoft Security Response Center, said that it is expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas, to include responders and forensic experts who find active attacks in the wild. “Today’s...

Microsoft has released an advisory regarding an issue that affects customers using Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Lync. The company said that it was aware of targeted attacks “largely in the Middle East and South Asia” against older software and the exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. “If the attachment is...

A new movement to encourage sharing of information among trusted users has been launched and is seeking new partners. Founder Wolfgang Kandek, CTO of Qualys, said that the campaign has stemmed from experiences of security departments typically being policy driven and beholden to following extensive guidelines and not being able to measure programs in a way that is intelligible to their non-technical colleagues. He said: “We are good at reaching out to people about who...

Banks in the United States are to face a cyber security test that will be conducted by the New York State Department of Financial Services. According to the Wall Street Journal, around 200 banks will be required to participate in a live webcast where they will answer questions about their cyber security policies and processes on 12th December. All of the banks will be asked questions simultaneously and later will be able to see how they stack...

A large stash of data was hacked recently, exposing the personal and financial information on more than 850,000 Fortune 500 CEOs, lawmakers and A-list celebrities. Reported by Brian Krebs to have been found on the same servers as the Adobe source code, the file “CorporateCarOnline” the plain text archive apparently contained 850,000 credit card numbers, expiry dates and associated names and addresses, with more than one-quarter (241,000) including  high or no-limit American Express accounts. Those names included basketball star LeBron...

Microsoft will release eight bulletins next week, including three critical-rated patches for vulnerabilities in Internet Explorer and Microsoft Windows. Tyler Reguly, technical manager of IT security research and development at Tripwire, said: “It's a pretty typical patch Tuesday, Internet Explorer, Windows, and Office patches. This month shows that new Microsoft software isn't immune to flaws -- Office 2013, IE 11, and Windows 8.1 will all receive patches on Tuesday.” Wolfgang Kandek, CTO of Qualys, said...

HyTrust has acquired cloud encryption and key management vendor HighCloud Security to add cloud-optimised data security and privacy to administrative visibility and control. According to the companies, the combined offering will enable ‘cloaked’ private, hybrid and public clouds and helps address three of the primary security concerns in cloud environments: control; visibility; and data security and privacy. Eric Chiu, president and founder of HyTrust, said: “HyTrust represents the control point for cloud management, providing automated...

The United States computer emergency readiness team (CERT) has issued an alert about the CryptoLocker ransomware. Proving the major impact that it has had upon businesses and users globally, the US CERT said that the 2013 campaign “restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files”. It said: “As of this time, the primary means of infection appears to be phishing emails containing...

Trustwave has announced the acquisition of data security vendor Application Security. Adding automated database security scanning technologies to its product and service offering, Trustwave will continue to develop, support and offer the DbProtect and AppDetectivePRO products to help with compliance, patch management and mitigate data-centric vulnerabilities. Trustwave said that Application Security’s technologies will enhance Trustwave’s penetration testing and vulnerability management services, with additional database scanning and testing capabilities. Financial terms of the acquisition, which has already closed, were...

The UK’s financial firms will face a major stress test of their security systems today in order to tell how strong they are in the face of a cyber attack. According to Reuters, the "Waking Shark II" test will bombard firms with a series of announcements and scenarios, such as how a major attack on computer systems might hit stock exchanges and unfold on social media. It will be co-ordinated from a single room housing regulators,...