Editor's News

Airport parking service Park 'N Fly has notified customers of a compromise of payment card data.   In a statement, Park ‘N Fly confirmed that it has been working “continuously” to understand the nature and scope of the incident, and has engaged third-party data forensics experts to assist with its investigation.   A service that allows customers to reserve spots in advance of travel via an internet-based reservation system, the story was originally revealed in...

The Twitter and YouTube channels of the US Military Central Command have been suspended after they were taken over by hackers affiliated to ISIS. According to Washington Post, data was released which did not come from Centcom’s server or social media sites and was already publicly available online. However, the hackers had control long enough to post tweets stating “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK”. The first rogue tweet on Monday was posted...

Google has decided to stop pushing out security updates for the WebView tool within Android to those on Android 4.3, better known as Jelly Bean, or below.   According to Rapid7, the core components of Android smartphones running OS 4.3 or previous will not receive any security updates in 2015, meaning two-thirds of users won’t receive cover from Google.   Rapid7 engineering manager Tod Beardsley said that WebView is to Android, just as Internet Explorer...

The PCI Security Standards Council (SSC) has placed a number of PFI level auditors “in remediation” in what is expected to be a step-up in compliance enforcement for 2015.   Andrew Barratt, managing director of Coalfire, told IT Security Guru that two more of the approved forensic investigators (PFIs) have been put in remediation. He said: “It looks like the PCI guys are starting crack down on some of the shoddy investigation work that has...

Microsoft has pointed the finger at Google for its decision to disclose a flaw before Redmond released a fix.   Chris Betz, senior director of Microsoft Trustworthy Computing has said that the company believes in coordinated vulnerability disclosure, and asks that researchers privately disclose vulnerabilities to software providers, working with them until a fix is made available before sharing any details publically.   In a blog, Betz named Google for its release of a vulnerability...

Microsoft has announced that it is to stop offering an advanced notification service (ANS).   The advanced notifications will now only be offered to “premier customers and current organisations involved in our security programs”, and will no longer be made broadly available through a blog post and web page, according to MSRC senior director Chris Betz.   He said: “ANS has always been optimised for large organisations. However, customer feedback indicates that many of our...

The disclosed API vulnerability in Moonpig is indicative of an area that is poorly documented, insufficiently logged, and routinely overlooked in security testing.   According to Trey Ford, global security strategist at Rapid7, APIs have been an area of concern in the cyber security community for years.   “An internet exposed API (Application Program Interface) is serving requests from the public internet,” he said. “This is further complicated by different developers using and expanding the API...

Pastebin was used to store backdoor code that was later tapped in attacks against websites running a vulnerable instance of the popular RevSlider plugin.   According to researcher Denis Sinegubko, Pastebin was used as a remote server for malcode. According to The Register, Sinegubko said: “Technically, the criminals used Pastebin for what it was built for – to share code snippets. The only catch is that the code is malicious, and it is used in...

Confusion over a hashtag over an arrested member of the hacker group led to denial of service (DoS) attacks against banks in Finland.   The Helsinki Times reported on Monday of a series of DoS attacks against Finnish banks, with one running intermittently from New Year's Eve until the afternoon of Sunday 4th January. This was followed by a second attack which began only a couple of hours after the first attack had ended.  ...

Employees bringing newly purchased smartphones and tablets into the office could present a gift for hackers.   According to EY, 84 per cent of companies consider mobile security a medium/high priority area, but only 41 per cent indicated they will increase their spending in covering the threat. The consultancy warned that with millions of pounds spent on gadgets over the Christmas and New Year period, companies with poorly protected networks or without Bring Your Own...