Editor's News

Microsoft released four bulletins last night to fix 42 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server.   Microsoft recommended fixing the only critical-rated patch,MS14-052, first as this also includes new functionality to block out-of-date ActiveX controls. Craig Young, security researcher at Tripwire, said that despite this being a slow month for Microsoft patches, this ‘in-the-wild’ was being addressed in an attempt to limit the capability of exploit kits that...

Monitoring tools are being used prominently, but can be too easily used for surveillance.   Speaking at the Gartner Security and Risk Management summit in London, analyst Andrew Walls said that employers often say that they are not doing surveillance, but often gather data via technologies on users. He said: “You are gathering tons of information all of the time. Are you conscious of it and are you taking steps to leverage it to benefit of...

Vendors claim to be offering products and solutions in the governance, risk and compliance (GRC) space, but these rarely fit the analyst specification.   According to Paul Proctor, vice president, distinguished analyst and the chief of research for security and risk management at Gartner, there are plenty of vendors in the space who have their preference for some technologies, but often technologies do not fit into what it deems to be the GRC model.  ...

Major threats can be mitigated by using three simple tactics to manage user and data controls.   Speaking at the Gartner Security and Risk Management summit in London, Mark Nunnikhoven, vice president of cloud and emerging technologies at Trend Micro, highlighted breaches at Home Depot, Houston Astros, Adobe and Target, and said that the common theme was that they were all hit by an attacker who stole something, but were all major organisations who deployed security...

Dark web marketplace Silk Road was spotted due to misconfigured privacy software and a CAPTCHA which was broken by multiple access attempts.   According to a document released by consultant and former FBI agent Christopher Tarbell, analysis of the traffic being sent from the Silk Road website did not involve accessing any administrative area or “back door” of the site, as the website’s user login interface was fully accessible to the public and was accessed by username, password and...

Microsoft will release four bulletins next week, three of which will be rated as important.   With updates for Microsoft Windows, Internet Explorer, .NET Framework and Lync, this is the lightest patch Tuesday since January. Karl Sigler, threat intelligence manager at Trustwave, highlighted the first bulletin, which patches a remote code execution flaw, as being the highest priority to patch.   “This Internet Explorer bulletin marks the eighth patch Tuesday in a row that includes...

Cryptzone has acquired HiSoftware, a leading provider of governance, compliance and security solutions.   The provider of data security and identity and access management (IAM) solutions has added the product portfolio to enhance its robust capabilities in securing critical data in the cloud, on mobile devices and in customer data centres.   According to Cryptzone, the combined offering will be a complete suite of context-aware access control, data security and compliance solutions including HiSoftware’s Compliance...

Barclays has launched a revolutionary biometric scanner which identifies a user by the blood and veins in their finger.   Developed with technology from Hitachi, the Barclays Biometric Reader allows a user to scan their finger to access their online bank accounts and authorise payments within seconds, without the need for PIN, passwords or authentication codes.   Initially offered to Barclays Corporate Banking clients from next year, Ashok Vaswani, CEO Barclays Personal and Corporate Banking,...

LinkedIn has announced the roll out of three security and privacy tools to better protect user sessions, and ensure that account changes are recognised.   In a blog, Madhu Gupta, head of security, privacy and customer service products at LinkedIn, said that the three options would give members “as much choice and control as possible over your account and data”.   The first addition will offer a single page to see everywhere you’re signed in...

A massive cybercrime network which penetrated hundreds of blue-chip companies, Government institutions, research laboratories and critical infrastructure facilities was facilitated for 12 years by the incorporation of over 800 false companies registered in the UK.   According to research by Cybertinel, the espionage system was traced back to over 800 front companies registered in UK and to German individuals who operated the espionage network.   Named the ‘Harkonnen Operation’, the network performed numerous targeted penetrations...