Editor's News

Staples has said it is investigating a possible breach of payment card data. Following other retailers including Target, Home Depot, Kmart and Dairy Queen, Staples said it has contacted law enforcement about the matter and is in the process of investigating a potential issue involving credit card data. Company spokesman Mark Cautela said in a statement, published by Reuters, that it takes the protection of customer information very seriously, and is working to resolve the situation....

The USA is to adopt the Chip and PIN model after President Barack Obama signed an executive order to add security measures for federal credit cards.   The order will see microchips and PIN numbers added to Government credit cards and debit cards starting in January, with Obama also announcing that several major companies will take steps to make their own systems more secure and offer more customer protections.   He said: “The idea that somebody...

According to a survey of 100 professionals working in legal departments and law firms in the UK, 57 per cent believe that email constitutes the greatest security risk to their business. The survey, by logistics firm DX, also revealed that over half of legal professionals know of at least one incident in the last 12 months when an email had been sent to the wrong person, and 80 per cent of these emails had been sent...

The widely reported Xen hypervisor flaw was “media hype” that over exposed a flaw that was not as critical as claimed. Speaking to IT Security Guru at the Black Hat Europe in Amsterdam, Rafal Wojtczuk, security researcher at Bromium said that the revelation of the vulnerability was “really not that interesting” as it was not that critical as the virtual machine can trigger the buffer, and the impact is that there is some data leakage...

FBI director James B. Comey has said that national threats require a “national conversation”, particularly as it is struggling to keep up with developments in technology and the ability to surveil and collect data. In a speech given at the Brookings Institution in Washington DC, the FBI director marked his first 13 months in the job saying that there are a lot of misconceptions in the public eye about what the Government collects and the...

The capability to take control of a mobile device and install malware can be done by simply plugging it into a fake charging station. Speaking at the Black Hat Europe conference, Andre Pereira said that while the trend for use of smartphones has increased, it also exposes our information. He highlighted the Android operating system and said that its customisation capability one was one of its benefits, and as vendors add their own software it...

Data transmission from a printer can be captured from 1200 metres away, according to the results of an experiment. In the opening keynote at this year's Black Hat Europe in Amsterdam, cryptographer Adi Shamir detailed an instance where it was possible to scan a printer from a distance of 1200 metres. Shamir said: “Previously, secrets were kept in file cabinets in buildings so you needed a human spy. Today, all secrets kept in cabinets need...

Microsoft released three critical patches last night, including a fix for the flaw being exploited by the sandworm gang.   As part of what it now calls Update Tuesday, Microsoft said in an advisory that the three critical-rated and five important patches will address 24 Common Vulnerabilities and Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET and Internet Explorer. “We encourage you to apply all of these updates, but for those who need to prioritise deployment planning, we recommend focusing...

The Joint Cybercrime Action Taskforce (J-CAT) is working on building an encryption system to better enable sharing of threat information.   Speaking at the ISSE Conference in Brussels, Troels Oerting, head of the European Cybercrime Centre (EC3), said that more of a dialogue is needed, and efforts are being made to build an encryption system to encrypt and minimise what data is shared.   Oerting told IT Security Guru that this is an algorithm it is...

A fresh attack vector against SSL has been detailed, but analysts are mixed on the severity of the POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw. After it was rumoured to be disclosed yesterday by the Register, it was later detailed as revealing a vulnerability in the way that SSL v3 uses ciphers and allows an attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data, and doesn't require such extensive control of the format of...