Editor's News

A fake version of The Onion Router (Tor) website is distributing malware.   According to research, the website is an almost perfect copy of the original website, except for the download link, and also the donation one, replaced by a Bitcoin address. Downloading the software though includes an executable file named “torbrowser-install-3.6.3_en-US.exe", which is a .NET executable.   After some analysis and decryption, it was revealed that the command and control protocol runs on Tor. According to...

Mobile security firm Lookout has raised $150 million to expand its solution to large enterprises.   Previously a strong player in the consumer market, the company said it will use the $150 million round of financing to extend its reach to large enterprises through new product development and expanded go-to-market efforts.   Jim Dolce, CEO of Lookout, said: “The proliferation of mobile devices in the workplace has created a new set of security challenges for...

Speaking at the Def Con conference last week, academic Ryan Shapiro accused the FBI of avoiding compliance with the Freedom of Information Act (FOIA) and “succeeding consistently fragrantly in violating the FOIA law”.   The Freedom of Information Act (FOIA) model is one of the “most under-appreciated elements of US society and broken”, according to academic Ryan Shapiro.   Speaking at the Def Con conference last week, Shapiro accused the FBI of avoiding compliance with FOIA and...

The vulnerability which Stuxnet exploited remains unpatched on two-thirds of PCs running Windows XP.   According to research by Kaspersky Lab, despite the CVE-2010-2568 vulnerability being patched in June 2010, over a period of eight months between November 2013 and June 2014, its detection systems are still registering tens of millions of detections of CVE-2010-2568 exploits.   The majority of detections (64.19 per cent) were on XP, and 27.99 per cent were on Windows 7. “The large...

Microsoft released nine patches last night to cover two critically rated vulnerabilities.   On its monthly patch Tuesday, it addressed 37 common vulnerabilities and exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). It recommended focusing on the critical patches first.   The first is MS14-043 that fixes a vulnerability in Windows Media Centre, which could allow Remote Code Execution.   Russ Ernst, director of product management at Lumension, said: “MS14-043...

Despite there being 654 prosecutions over six years for obtaining or disclosing data, there were only three prosecutions for serious offences. According to a Freedom of Information Act (FOIA) request by Cordery, the Crown Prosecution Service confirmed that they had prosecuted for three data protection offences: obtaining or disclosing personal data or the information contained in personal data; procuring the disclosure to another person of the information contained in personal data; and selling personal data....

Londoners suffer more thefts of electronic devices than anywhere else in the UK.   According to a Freedom of Information request, of 290,651 thefts involving computer equipment reported by police forces across the entire UK, 42 per cent were reported by the Metropolitan Police. The total number of thefts of electronic devices such as computers, smartphones and tablets, which could store sensitive personal information, accounted for 34 per cent of thefts in London, compared to...

More protection is needed for activists, journalists and whistle-blowers.   Speaking at the Def Con conference, Electronic Frontier Foundation members Kirk Opsahl, Eva Galperin, Yan Zhu, Mark Jaycox and Nate Cardozo claimed that security is broken on the intelligence side, and whistle-blowers now have to go through the system and individuals, and they warn managers who do not listen. “You also cannot go to congressional committees as the system is broken, and there are no...

Information security lobbying group and research collective “I am the Cavalry” has issued an open letter to the automotive industry informing them of software failings in cars.   The open letter calls for better car safety and for collaboration with the automotive industry specifically on  five key capabilities that create a baseline for safety relating to the computer systems in cars: Safety by Design and development of automotive computer systems with security in mind; Third-Party Collaboration...

Be fearful of your smartphone as it is spying on you.   In a second surprise talk in Las Vegas last week, security veteran John McAfee spoke at the Def Con conference warning users to be wary of their smartphones. McAfee said smartphones are spying on American consumers who don’t bother to read user agreements, and asked for a show of hands of every delegate who had read the permissions for applications; less than one per...