Editor's News

Microsoft will issue five bulletins on next week’s Patch Tuesday, including two patches rated as critical. The two critical patches are for remote code execution flaws in Windows and Microsoft Security Software, while important patches will be issued for vulnerabilities in Windows and the .NET framework. Commenting, Wolfgang Kandek, CTO of Qualys, said that for the second consecutive month, there is no update to Internet Explorer, but one will be expected before the PWN2OWN competition...

The Waking Shark 2 exercise has been described as a waste of time.   In an email to IT Security Guru, Professor John Walker, a member of the British Computer Society Elite Group, said that he did not feel that Waking Shark 2 was a success as “it did not reflect the real world” and that banks “still have massive issues”.   Walker said: “They were exposed as the Bank of England do not understand...

Tickets for this year’s Security B-Sides London conference will go on sale this Sunday.   Released this Sunday at 11am, tickets for the community-driven event sold out in a matter of minutes last year for the event held on Tuesday April 29th at Kensington and Chelsea Town Hall in London.   Held under the banner of “Connecting People & Agents of All Kinds”, the content for presentation opportunity is currently open for talks that will...

GCHQ has updated details on its website after it denied that an expired PGP key was offered for secure communication.   Researcher Terence Eden told IT Security Guru that when he contacted GCHQ and asked for a public key with which he could encrypt communications, he was directed to a key on their website which had expired a few days earlier.   In response, GCHQ denied that this was the case. A GCHQ spokesman said:...

The Target breach was made possible by a refrigeration, heating and air conditioning subcontractor who worked at several branches.   After it was revealed that the initial intrusion was made possible by the use of network credentials that were stolen from a third party vendor, security blogger Brian Krebs revealed that the attackers first broke into the retailer’s network on November 15th 2013 using network credentials stolen from Fazio Mechanical Services, a Pennsylvania provider of refrigeration and HVAC systems....

Industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives. Speaking at a summit for the financial, water, energy, communications and transport sectors, Secretary of State for Business, Innovation and Skills Vince Cable said that cyber attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately...

The second Waking Shark stress test exercise has been deemed a success, with participants calling for stronger attacks next time. The exercise, which was held on Tuesday 12th November 2013, was s designed to follow up and reinforce the lessons learned from previous cyber exercises and reflect the continued evolution of the nature, intensity and sophistication of cyber threats over the past two years. It was conducted between 14 firms, six financial market infrastructure providers,...

The chief financial officer of Target has said that he is “deeply sorry” for the recent breach and it is determined to win back customers' trust.   Speaking before the US Senate Judiciary Committee hearing which is investigating the data breaches, John Mulligan, Target chief financial officer and executive vice president, said the cyber attack has strengthened its resolve and it will make “Target, and our industry, more secure for customers in the future”.  ...

Malwarebytes is to accept Bitcoin payments for its consumer anti-malware suite.   According to the company, it will accept Bitcoin for its Anti-Malware Pro product and any products that are purchased with Bitcoin will have a Bitcoin logo on the page. Malwarebytes will be using Coinbase as the payment platform.   Marcin Kleczynski, CEO of Malwarebytes, said that it was excited to accept a crypto currency that provides a level of anonymity to users. “Protecting...

The Open Group has launched an accreditation program to assure the integrity of commercial information and communication technology products.   Called the Open Trusted Technology Provider Standard (O-TTPS) Accreditation Program, this is intended to assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the supply chain.   Companies seeking O-TTPS Accreditation can choose to be accredited for compliance with the O-TTPS standard for a specific product line, business unit...