Editor's News

Pastebin was used to store backdoor code that was later tapped in attacks against websites running a vulnerable instance of the popular RevSlider plugin.   According to researcher Denis Sinegubko, Pastebin was used as a remote server for malcode. According to The Register, Sinegubko said: “Technically, the criminals used Pastebin for what it was built for – to share code snippets. The only catch is that the code is malicious, and it is used in...

Confusion over a hashtag over an arrested member of the hacker group led to denial of service (DoS) attacks against banks in Finland.   The Helsinki Times reported on Monday of a series of DoS attacks against Finnish banks, with one running intermittently from New Year's Eve until the afternoon of Sunday 4th January. This was followed by a second attack which began only a couple of hours after the first attack had ended.  ...

Employees bringing newly purchased smartphones and tablets into the office could present a gift for hackers.   According to EY, 84 per cent of companies consider mobile security a medium/high priority area, but only 41 per cent indicated they will increase their spending in covering the threat. The consultancy warned that with millions of pounds spent on gadgets over the Christmas and New Year period, companies with poorly protected networks or without Bring Your Own...

American fast food restaurant chain Chick-fil-A has said it is working with leading IT security firms, law enforcement and payment industry contacts. Saying it received reports of potential unusual activity involving payment cards used at a few of its restaurants, it issued a statement saying that if an investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts. “If our customers are impacted, we will arrange...

AOL has claimed that it has been able to stop malicious advertisements being served by its advertising platforms.   After malicious ads redirected users to malware-ridden websites, an AOL.com spokesman told PC Advisor that it has taken the necessary steps to fix the problem. “AOL is committed to bringing new levels of transparency to the advertising process, ensuring ads uphold quality standards and create positive consumer experiences,” said spokesperson said.   The malicious ads shown...

Airline WiFi from Gogo is deliberately issuing fake SSL certificates in order to provide a better service.   Having been spptted by a Twitter user who turned out to be a Google Chrome security engineer, Adrienne Porter Felt noted that while accessing Google sites, the SSL certificate was actually being issued by Gogo – an “unstrusted issuer “ – instead of Google.   Gogo WiFi is offered on multiple national and international airlines, including American...

The employee fired by Morgan Stanley for allegedly stealing and attempting to sell client account information has been named as Galen Marsh.   In the story, the employee was fired after stealing account names and numbers of clients in the wealth management division and briefly posting it online. It was originally believed that this related to 900 of the bank’s clients, around 10 per cent of the total number of clients.   According to Reuters,...

Online greeting card company Moonpig has taken an API offline which bypassed all authentication security and allow an attacker to place orders on other customer accounts.   According to research by Paul Price, the flaw allows an attacker to easily place orders on other customers accounts, add/retrieve card information, view saved addresses, view orders and much more. He also said that every API request is like this, and if you hit the API endpoint with...

An external police network was breached over the Christmas period allowing for personal information of police officers and members of the public to be illegally accessed.   According to the Eastbourne Herald, Sussex Police is investigating security breaches of its external website which occured over the Christmas period. It found that there were three breaches within a contained area of the website and could possibly be linked.   Amaraghosha Carter, joint head of IT for...

A password-hacking tool has been uploaded to allow attackers to break into any iCloud account.   Named iDict, it has been uploaded to code sharing service GitHub by a user using the handle “Pr0x13”. According to the Hacker News, the tool makes use of an exploit in Apple's iCloud security infrastructure to bypass restrictions and two-factor authentication security that prevents brute force attacks, and keeps most hackers away from gaining access to users’ iCloud accounts....