Editor's News

American fast food restaurant chain Chick-fil-A has said it is working with leading IT security firms, law enforcement and payment industry contacts. Saying it received reports of potential unusual activity involving payment cards used at a few of its restaurants, it issued a statement saying that if an investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts. “If our customers are impacted, we will arrange...

AOL has claimed that it has been able to stop malicious advertisements being served by its advertising platforms.   After malicious ads redirected users to malware-ridden websites, an AOL.com spokesman told PC Advisor that it has taken the necessary steps to fix the problem. “AOL is committed to bringing new levels of transparency to the advertising process, ensuring ads uphold quality standards and create positive consumer experiences,” said spokesperson said.   The malicious ads shown...

Airline WiFi from Gogo is deliberately issuing fake SSL certificates in order to provide a better service.   Having been spptted by a Twitter user who turned out to be a Google Chrome security engineer, Adrienne Porter Felt noted that while accessing Google sites, the SSL certificate was actually being issued by Gogo – an “unstrusted issuer “ – instead of Google.   Gogo WiFi is offered on multiple national and international airlines, including American...

The employee fired by Morgan Stanley for allegedly stealing and attempting to sell client account information has been named as Galen Marsh.   In the story, the employee was fired after stealing account names and numbers of clients in the wealth management division and briefly posting it online. It was originally believed that this related to 900 of the bank’s clients, around 10 per cent of the total number of clients.   According to Reuters,...

Online greeting card company Moonpig has taken an API offline which bypassed all authentication security and allow an attacker to place orders on other customer accounts.   According to research by Paul Price, the flaw allows an attacker to easily place orders on other customers accounts, add/retrieve card information, view saved addresses, view orders and much more. He also said that every API request is like this, and if you hit the API endpoint with...

An external police network was breached over the Christmas period allowing for personal information of police officers and members of the public to be illegally accessed.   According to the Eastbourne Herald, Sussex Police is investigating security breaches of its external website which occured over the Christmas period. It found that there were three breaches within a contained area of the website and could possibly be linked.   Amaraghosha Carter, joint head of IT for...

A password-hacking tool has been uploaded to allow attackers to break into any iCloud account.   Named iDict, it has been uploaded to code sharing service GitHub by a user using the handle “Pr0x13”. According to the Hacker News, the tool makes use of an exploit in Apple's iCloud security infrastructure to bypass restrictions and two-factor authentication security that prevents brute force attacks, and keeps most hackers away from gaining access to users’ iCloud accounts....

Bristol bus timetable website has been attacked by a group calling itself “Darkshadow”.   The “Arab Security Team” attacked TravelWest’s website on New Year’s Day and the website, controlled by four councils including Bristol, South Gloucestershire and North Somerset, has managed to regain control today.   Julia Dean, communication officer for WEP, told the Bristol Post that it is “working on getting the website fixed as quickly as possible”. The website was replaced with a...

Two members of the hacker group “Lizard Squad” have been arrested following a crippling attack on the PlayStation and Xbox online gaming networks over the holiday period.   Vinnie Omari was arrested in London by police investigating PayPal thefts and cyber-fraud offences over the past two years. According to The Hacker News, law enforcement officials reportedly seized phones, laptops and an Xbox from his home.   Thames Valley police said in a statement that a...

Facebook has introduced a new website to advise users on its complex privacy settings.   In an email to users, it said: “Over the past year, we’ve introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information.” The page “Privacy Basics”, offers users a guide to “taking charge of your experience on Facebook”.   Ahead...