Editor's News

A “secret” US intelligence court permitted the US National Security Agency to collect an expanded amount of data about Americans' email, even after finding that the agency systematically exceeded the limits of a smaller program. According to reports, the judge on the Foreign Intelligence Surveillance Court recounted a litany of problems with the first, smaller program, including the NSA collecting more categories of information than had been approved by the court and sharing data more widely within...

Three police departments were recently attacked in three different nations. According to BBC news, the police and reserve bank of Australia were hacked following a rise in diplomatic tensions over alleged spying by the Australian government on Jakarta officials. Reports of the spying allegations came out in Australian media from documents leaked by whistleblower Edward Snowden, which revealed that Australian spy agencies named Indonesian President Susilo Bambang Yudhoyono, the first lady, the vice-president and other senior...

Fewer than a quarter of senior business leaders reckon that they are equipped to deal with a breach, despite nearly half of organisations experiencing a loss in the past two years. The survey of 341 senior business leaders by the Economist Intelligence Unit (EIU), 41 per cent of who were c-level executives or board members, found that 57 per cent have not been trained on the correct actions to take after information has been lost....

Of 50 websites scanned by DOSarrest’s vulnerability testing service, nine out of ten would fail this test. Sean Power, security operation center manager at DOSarrest said that 90 per cent of the websites it had tested on its vulnerability testing and optimisation (VTO) service would fail an initial test. He said: “It is not the case that 90 per cent of the websites are vulnerable to a severe flaw, but it is more likely to...

oday sees the launch of the National Crime Agency which will target physical and online forms of organised crime. Originally proposed as part of the government’s Cyber Security Strategy from two years ago, the plan then was for a cyber crime unit within the National Crime Agency that will build on the Metropolitan Police's eCrime Unit, giving police forces across the country the necessary skills and experience to handle cyber crimes. The new NCA said that the...

he revelation that Adobe had been attacked with source code hacked could lead to a raft of new zero-day vulnerabilities. Speaking to IT Security Guru, Dana Tamir, director of enterprise security at Trusteer, said that a concern about the source code is that it will give whoever has it chance to search and study it for new unknown vulnerabilities, that Adobe would not be aware of. She said: “This is a real concern as we are all...

A single supervisory authority should be making decisions around data protection to ensure a “one-stop-shop” mechanism. According to an update from the Council of the European Union, the majority of the member states agreed that one single supervisory authority should be competent for monitoring the activities of the controller or processor throughout the Union and taking the related decisions. It also agreed that in important transnational cases, a “one-stop-shop” mechanism should be established in order to arrive...

A UK-based security researcher has won the first $100,000 (£62,500) bounty from Microsoft for a mitigation bypass technique. Introduced in June this year to pay for techniques that bypass built-in OS mitigations and protections for defences that stop such bypasses, and for vulnerabilities in the beta of Internet Explorer 11, the Blue Hat prize has been awarded to James Forshaw, head of vulnerability research at Context Information Security. James Forshaw, head of vulnerability research at...

The European Cybercrime Centre (EC3) has announced that Raj Samani has been appointed as cyber crime advisor. Joining a panel of industry figures including Eugene Kaspersky, Brian Honan and Trend Micro’s Rik Ferguson, the division of Europol is involved in the investigating and liaison between the European Union member states and other agencies. Having been opened on New Year’s Day this year, it will be the focal point in the EU’s fight against criminal activity...

Among eight patches released yesterday by Microsoft, the zero-day in Internet Explorer was finally covered after in the wild attacks were reported. Released last night on its monthly Patch Tuesday, MS13-080 now patches two vulnerabilities that are in the wild and as described in Security Advisory 2887505, an attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer. Wolfgang Kandek, CTO of Qualys, said: “This fixes ten vulnerabilities, including CVE-2013-3893,...