Editor's News

The end of support by Microsoft for XP has apparently spelled the end for TrueCrypt, as users have been delivered messages warning that it is “not secure as it may contain unfixed security issues”. The homepage for the encryption programme is now redirecting to a web-based source code repository with the warning in red text, and stating that “this page exists only to help migrate existing data encrypted by TrueCrypt”. It also states: “The development...

Fresh ransomware that is distributed via Java drive-by-downloads and requires a private key has been detected.   The CryptoDefense ransomware locks all files including videos, photos and documents and uses a unique public key RSA-2048 which is located “on a secret server on the internet”, according to research by Bromium.  However, a flaw, which Bromium suspected will be fixed in an update, found that due to an implementation flaw, the decryption key can also be...

Spammers are beginning to use last week’s eBay breach to send spam to users to say how their falsely arrested; and advising people to check public records to see if their names have been falsely used too.   According to a blog by Cloudmark, the message says that a person’s name was “used falsely in an arrest, and I didn’t even know it until I checked my public record” and encourages the recipient to check...

Ten per cent of professionals are still able to access networks after leaving their jobs.   According to research by Lieberman Software, 13 per cent of IT security professionals admit to being able to access previous employers’ systems using their old credentials. The survey of  270 IT professionals found that  23 per cent can get into their previous two employers’ systems using old credentials, and more than 16 per cent admit to still having access...

Former LulzSec member Hector Xavier Monsegur, aka “Sabu”, has been released from custody with a one year probation to serve.   Named in court papers as “an extremely valuable and productive cooperator”, Monsegur was given the release after aiding the FBI in intelligence on hacking and in identifying his fellow LulzSec members.   In the group, “Sabu” served primarily as a “rooter,” analysing code for vulnerabilities which could then be exploited. Those hit included Sony Pictures, Fine...

Czech anti-virus vendor Avast has taken its forum offline after it was hacked this weekend, and saw user names and hashed passwords compromised.   According to a post by CEO Vince Steckler, user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. He said that once the forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.   He said: “This...

Cyber relations between China and the United States fell to a new low over the weekend   Following the accusations of the APT1 report of a year ago, the naming of five Chinese nationals last week saw the first move to name individuals suspected of attacking, hacking and stealing from US businesses.   According to Reuters,a report prepared by the Chinese Academy of Cyber Space claimed that America too had undertaken spying operations against China,...

Security professionals would not bother getting cyber insurance, as two-thirds believe insurers would not actually honour a claim if one was made.   A survey of 250 security professionals by AppRiver found that 32 per cent of UK businesses don’t bother seeking this increasingly vital cover, while two-thirds (63 per cent) believe insurers would not actually honour a claim if one was made.   Jim Tyer, EMEA channel director for AppRiver, said: “What this means...

Unbeknownst to them, employees and individual users often open the door to criminals by using easily-guessable passwords.   Drawing on data from 691 breach investigations from across 24 countries, the 2014 Trustwave Global Security Report found that 96 per cent of applications that Trustwave scanned in 2013 contained one or more serious security vulnerabilities while weak passwords continue to plague businesses.   The report also found that 71 per cent of compromises were not detected...

eBay may face a joint investigation by three US states, with Connecticut, Florida and Illinois jointly investigating the matter.   According to Reuters, the investigation by the states will focus on eBay's measures for securing data, circumstances that led to the breach and the company's response, said Jaclyn Falkowski, a spokeswoman for Connecticut Attorney General George Jepsen.   eBay spokeswoman Amanda Miller declined to comment on the states' actions, but said it had proactively contacted...