Editor's News

Phishing attacks which use genuine BBC news stories have been detected.   According to research by Panda security, fraudsters are trying to innovate and create more realistic scenarios. One scam detected this week showed a recent story about a lottery winner that was sent around the globe and informed the recipient that they had been “donated” £1.5 million and had to send their name and address for further details.   However a link led to...

With the end of XP support now less than two weeks away, it is not predicted that attackers will hold on to exploits.   Stephen Bonner, partner in the information protection and business resilience at KPMG, said that if he were an attacker with a zero-day for XP, he would launch it now. “I don’t believe that attackers have long term economic thinking, and would retain a valuable attack. If you are an organised criminal,...

Whitehat Security has announced that it has launched a version of its Aviator for Windows.   Now available in Beta, the company said that this was the most requested feature since the Mac version was launched last October, which has seen “tens of thousands of downloads”   Robert Hansen, director of product management at WhiteHat Security, said: “Outside of keeping our blog and Twitter followers up-to-date since its release in October, we have done little-to-nothing...

Revealing too much information on breaches could leave businesses vulnerable to attack.   According to Reuters, the US Securities and Exchange Commission (SEC) has convened after a series of high-profile data breaches which has sparked major public policy debates, including on how customers should be alerted, who should bear the cost of breaches and how such information should be disclosed both to government and the public.   However, companies that over share information could become...

Plans to “professionalise” the information security have been described as “too rigid for industry”.   According to John Colley, managing director for (ISC)2 EMEA, the report from the Department for Business Innovation and Skills were worrying due to an over reliance on the CESG Certified Professional (CCP) as a foundation for all skills development in the United Kingdom.   “I fear the CCP scheme will not meet the needs of the commercial sector. This scheme...

Those companies who are compliant with the PCI data security standard are better at addressing perimeter vulnerabilities.   According to a survey by the NTT Innovation Institute, those companies who perform quarterly external PCI authorised scanning vendor assessments have a more secure vulnerability profile and a faster remediation time, with 27 per cent demonstrating this.   NTT Com global director of security strategy Garry Sidaway told IT Security Guru that often the problem compliance frameworks...

A series of legal actions have begun over the serious breach suffered by US retailer Target.   According to the complaint, as “Target and Trustwave failed their duties to 110 million customers, it falls to the Banks and the other Class members to protect those customers by reissuing their credit and debit cards, and communicating with those customers to prevent fraud and repay any fraudulently-made purchases”.   The ruling said that the banks and the...

Government snooping has put a third of organisations off using the cloud.   According to research by Lieberman Software of 280 IT professionals attending last month’s RSA Conference, fear of government snooping discourages 33 per cent of IT professionals from the cloud, while 80 per cent prefer to keep more sensitive data stored within their company’s own network.   Philip Lieberman, President and CEO of Lieberman Software, said: “IT managers are aware there is very...

Almost ten million mobile devices such as smartphones, tablets and laptops have been lost by employees over the last year.   According to research by EE of 2,000 consumers, one in five (19 per cent) of employees say they lost their mobile device on a work night out, while one in six (16 per cent) left it on public transport. Devices were also commonly left in taxis and public toilets. Of those lost, for every...

Android vulnerabilities in the way the OS handles updates have been detected, putting around one billion devices at risk.   According to a report by the Hacker News, researchers from Indiana University and Microsoft have discovered a new set of Android vulnerabilities that is capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS).   Named the Pileup flaws, there are six different vulnerabilities within the Android PMS and are...