Editor's News

Anti-virus firm Avast managed to deflect a potential attack that took down competitors as part of a DNS change. According to a blog by CEO Vincent Steckler, as several companies like AVG, Avira and WhatsApp apparently had their websites hacked by a new pro-Palestinian hacker group called KDMS Team, he confirmed that there was an attempt against the Avast website, but as it took immediate steps it was able to contain it. In the attack against other sites,...

The problems in mobile device management (MDM) were highlighted at an event in central London. Hosted by Context Information Security at its Context Oasis event, it revealed ways MDM can be bypassed or prove to be ineffective on iPhone and Android. Speaking at the event, Rob Sloan, head of response at Context said that “on the mobile side, the hacktivists know we’re here and they know what to go after”. The theme of the afternoon...

Security vendor Rapid7 has suffered at the hands of the hijackers who hit the DNS registrars of AVG and Aviva earlier this week. Initially confirmed this afternoon by CTO HD Moore on Twitter, a statement by the company said: “The DNS settings for Rapid7.com and Metasploit.com were changed by a malicious third-party. We have taken action to address the issue and both sites are now locked down. We are currently investigating the situation, but it...

There is a level of frustration across the world as organisations spend ever increasing amounts of money on information security technology, yet still get breached, according to a prominent security speaker. The SANS Institute’s Dr Eric Cole claimed that organisations need to build capabilities and be prepared for the inevitable information security breach even though they are spending on security, and that there is a need for better security metrics in the boardroom. “The likelihood...

Around a third of breaches are the result of the “insider threat”. According to Forrester's recent report “Understand the State of Data Security and Privacy” found that 36 per cent of breaches were the result of some kind of misuse of data by employees. In defence of employees, the report found that only 42 per cent of staff said that they had received training on how to stay secure at work, while only 57 per...

A quarter of security professionals do not have the confidence or skills to manage virtual security deployments, according to a survey. The survey of 100 IT decision makers from UK enterprise organisations with an excess of 1,000 employees by Trend Micro found that 25 per cent of British organisations did not have the knowledge to manage virtual security deployments, while 52 per cent said that this is down to a lack of training or funds...

ForeScout has launched an open platform to allow technologies to interface with its CounterACT technology to share intelligence. Speaking to IT Security Guru, ForeScout chief marketing officer Scott Gordon said that the ControlFabric technology was long in production and was part of the most recent version of CounterACT, but it allows users to send threat information and flexibly integrate CounterACT with other security and management systems. He said: “Now users can use this to send...

I am now older and wiser and I realise I made a lot of regrettable mistakes”. Speaking in the opening keynote at the IP Expo conference in London, former hacker turned consultant Kevin Mitnick said that from a young age, he realised what I was doing was mischevous and became illegal later in life. Mitnick, who admitted to writing code that enabled him to steal his professor's password via a terminal compromise, said that the...

Edward Snowden has been described as not a hero nor traitor, but definitely a whistle-blower. Speaking in the opening keynote at the IP Expo conference in London, former hacker turned consultant Kevin Mitnick said that Snowden's revelations about the Prism software and USA's National Security Agency (NSA) spying and surveillance was good for displaying the operations against privacy, but he said that Snowden was wrong to details foreign operations. Mitnick said: “I am really happy...

The domain name system (DNS) and registry are as much of a target as websites and applications. Speaking to IT Security Guru, Chris Marrison, EMEA technical director at Infoblox, said that after the attacks against the DNS registrars of AVG, Rapid7 and Aviva last week, the DNS can be a weak point as much as cache poisoning, and protecting it is standard DNS security structures. “In this case you affect the DNS and the change makes the business...