Editor's News

A major police operation spanning Germany, Australia, Denmark, Sweden, Italy, France and The Netherlands has targeted people who bought the Blackshades malware.   According to Cyber Warzone, 70 homes have been entered in France, while a Dutch civilian said on Twitter that his house had been entered and his hard drives had been seized.   According to PC World, Blackshades was still widely used as of the end of last year. Research by Symantec found that Blackshades, which it classified...

Cyber is the sexy part of security, but it should be threat intelligence   Speaking at the Context Oasis event in London, Stuart McKenzie, senior investigative consultant at Context said that the problem with threat intelligence is everyone thinks everyone else is doing it better than they are, but he said that doing threat intelligence properly can give you a good profile of an attacker and “stop the basic stuff”.   He said: “Threat intelligence...

A penetration test on common Internet of Things (IoT) has revealed basic flaws, as well as how many of the devices were open and connected to the internet.   In a demonstration at the Context Oasis event in London, Alex Chapman, senior consultant did tests on network attached storage, a printer, an internet enabled rabbit toy, IP camera and light bulbs, and found exploits in most that would allow them to be remotely accessed and...

A group of US retailers have collected together to in order to prevent further breaches and protect customer information.   According to ABCNews, Nike, Lowes Target, Gap and Walgreen have launched an intelligence sharing centre with the Retail Industry Leaders Association to allow retailers to share information about data breaches and potential threats and also inform members of law enforcement and industry analysts.   Sandy Kennedy, president of the association, told ABC News that cyber...

Of 300,000 attack campaigns that have occurred globally over the past 30 days, around a quarter were targeting SQL Injection flaws.   According to Imperva, 24.6 per cent% of all attacks were SQLi attack focused. Barry Shteiman, director of security strategy at Imperva, said that SQL Injection is far from a problem of the past, it is still easy to exploit and an often used attack vector to steal information, and often does not require...

A hacking group believed to be operating from Iran has conducted multiple cyber espionage operations using tailored malware.   Named the Ajax Security Team, particulars of the group were laid out in research by FireEye, who detailed the activities in what it calls “Operation Saffron Rose”. It said that it has transitioned from performing website defacements, which it did before 2010, to malware-based espionage. Targets include companies in the defence industrial base (DIB) within the...

Microsoft released its heaviest patch bundle of 2014 last night, covering 13 vulnerabilities with eight bulletins.   Two of the bulletins are rated as critical and fix flaws in Internet Explorer and Sharepoint server. Wolfgang Kandek, CTO of Qualys, said that MS14-029 is top of the list and another surgical fix, similar to the out-of-band MS14-021 from May 1st. “MS14-021 addressed the zero-day CVE-2014-1776, which had been found in the wild by FireEye on April 26th,” he...

Eight basic security failings and vulnerabilities are most common in business failures.   According to a report by the Information Commissioner’s Office (ICO), breaches totalling almost a million pounds could have been avoided if the standard industry practices highlighted in today’s report were adopted.   The eight top computer security vulnerabilities were identified as: a failure to keep software security up to date; a lack of protection from SQL injection; the use of unnecessary services;...

Vulnerability management expert Secunia has revealed that 17 per cent of its UK users are still using Windows XP.   A month after Microsoft officially withdrew support for the operating system, Secunia said that 17 per cent of its installed user base was still running XP as of last week, a decrease from 18 per cent when the final patches were released.   Kasper Lindgaard, director of research and security at Secunia, said: “Generally speaking,...

A miscommunication issue with a member and a functionality issue with a new website feature have dogged the National Union of Journalists (NUJ) in recent days.   Journalist and NUJ member Kate Bevan told IT Security Guru that, after she had initially used a seven-character password to renew her press card, she was told this was too long and needed to “send the password by email”.   Bevan said: “You should never use anyone's credentials...