Editor's News

A third of organisations experienced more than two “significant” security incidents in the past year. The survey of 1,600 IT information security decision makers in organisations of more than 500 employees, conducted by ForeScout, found that while the majority of IT organisations were aware that some of their security measures were immature or ineffective, only 33 per cent had high confidence that their organisations will improve their less mature security controls. Also on aggregate, one...

Hotel guests in the US have been warned about computers that are made available to guests in hotel business centres, which may be infected with keylogging malware.   Advisories have been issued by the US Secret Service to the hospitality industry after arrests were made of suspects who compromised computers within several major hotel business centres in the Dallas/Fort Worth areas, according to Brian Krebs.   “The keylogger malware captured the keys struck by other hotel guests that used...

LastPass has confirmed it has patched vulnerabilities in its “bookmarklets” which were exploitable.   In a blog, it confirmed that security researcher Zhiwei Li revealed “novel” vulnerabilities within the LastPass bookmarklets and One Time Passwords (OTPs). “Zhiwei discovered one issue that could be exploited if a LastPass user utilised the bookmarklet on an attacking site, and another issue if the LastPass user went to an attacking site while logged into LastPass, and used their username...

A new Trojan which is based on the binary of GameOver Zeus (GOZeus) binary has been detected.   According to a blog by Malcovery, this was distributed as the attachment to three spam email templates which claim to have come from NatWest bank. Malcovery analysts confirmed with the FBI and Dell SecureWorks, who aided in the takedown last month, which the original GameOver Zeus was still "locked down".   The company said that it was able...

The number of users with an unpatched Microsoft operating system decreased this year, while more than two-thirds of PC users were found to have an end-of-life version of Adobe Flash Player installed.   According to statistics from Secunia, Adobe Flash Player remains the most insecure program through Q1-Q2 of 2014, based on scans by the Secunia Personal Software Inspector between 1st April and 31st June 2014.   Kasper Lindgaard, director of research and security at...

Microsoft updated its Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates.   According to Dustin Childs, group manager, response communications at Microsoft, these certificates could have been used to spoof content and perform phishing or man-in-the-middle attacks against web properties. “With this update, most customers will be automatically protected against this issue and will not need to take any action,” he said.  ...

Multiple distributed denial-of-service (DDoS) attacks were directed towards major banks, insurance companies and the largest telecommunications company in Norway.   According to Softpedia, the hackers claimed to be part of Anonymous Norway and started in the morning, when the country’s largest financial services group DNB announced that their website was partially down because of junk traffic affecting their systems. The hackers deployed attacks later against the websites of Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea,...

Distributed denial-of-service (DDoS) attacks are always changing, and there are enough open servers on the internet to enable huge amplification attacks.   Speaking to IT Security Guru, Gary Newe, senior systems engineering manager for UK, Ireland and South Africa at F5 Networks, said that there were volumetric attacks, and these could be enabled by an attacker with a 3G connected phone, but now the capability to launch a 300 400GB attack was possible.   “Every...

Microsoft has settled with No-IP after the sinkhole debate which saw websites lose days of online presence. According to an updated statement, Microsoft said that it has reached a settlement with No-IP's parent Vitalwerks Internet Solutions. It said: “Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks’ services. “Microsoft identified malware...

Only 15 per cent of information security professionals say that they are “very prepared” for a targeted attack, yet one in five have experienced such an incident.   According to a study of 1,220 security professionals by ISACA, 66 per cent believe it’s only a matter of time before their enterprise is hit by an APT. Despite one in five being a victim, only one in three could determine the source.   Steven Babb, international...