Editor's News

More blackhats are being drawn to using The Onion Ring (TOR) to hide their online activity.   According to media reports, as well as being a great hiding mechanism for underground markets dealing in illegal items, TOR is also being used by cyber crooks to hide their criminal activities and infrastructure. According to Kaspersky Lab’s Sergey Lozhkin, its research found that there were approximately 900 hidden services online at any current time, and it found...

South Korea has suffered its second major data breach in three months, with a telecommunications company KT Corporation affected by the loss of 12 million customer records.   According to the Register, the South Korean Government has launched an inquiry into the breach. Despite two hackers and the CEO of a telemarketing firm being arrested last week on suspicion of infiltrating the telco giant’s servers and stealing the data, the South Korean telecoms ministry has...

Microsoft will release five patches next week, with two rated as critical.   The two critical patches both fix remote code execution flaws in Windows and Internet Explorer, while the three important-rated patches fix elevation of privilege and security feature bypass vulnerabilities in Windows and Silverlight.   Ross Barrett, senior manager of security engineering at Rapid7, said that this continues the light trend of 2014 patch Tuesdays. “We only see two issues that are critical/remote code...

Government investigation websites are often abandoned and filled with spam and malicious links as certificates expire and security updates lapse.   According to a blog by security researcher Terence Eden, abandonment is the primary cause of the vulnerabilities and, as time wears on, people begin to drift away from the project, jobs change and no one is left responsible for updating and maintaining the software.   “So we move on to the tragic fate of...

Online comic store ComiXology has warned of an unauthorised access of a database that contained user details, and rolled out a complete password reset.   In an email, ComiXology said that in the course of a recent review and upgrade of its security infrastructure, it determined that an “unauthorised individual accessed a database of ours that contained usernames, email addresses and cryptographically protected passwords”.   It said that even though it stores passwords in protected...

A free security app for mobiles has been introduced by Malwarebytes to protect people from the growing number of Potentially Unwanted Programs (PUPs) targeting Android users.   According to the company, the new version of Anti-Malware Mobile will give people an option to automatically detect and block the apps that aim to make money from aggressive advertising and in-app purchases, as well as collecting unnecessary amounts of personal data.   Claiming that such apps are...

The end of support for XP by Microsoft will see a rise in the adoption of “bring your own device” policies.   According to EY, with 20-30 per cent of the world still running XP, despite Microsoft ending support in a month, BYOD could be a quick solution to the problem. Mark Brown, director of information security at EY, said: "Hackers will use this as an opportunity to take advantage of those organisations that have...

Following the breach which affected tens of millions of users, the CIO of American retailer Target has resigned.   According to media reports, Beth Jacob is the first high-level executive to leave the company following the breach of 70 million records after six years in the position. Target said that it will replace Jacob, but with an external hire, and the position will be “elevated” to CISO as part of its plan to tighten its...

To commence with this article, I would like to make it clear that I am not grumpy by intention, and that my current mood is attributed to what is at times, a failing of the Security Profession, and more the case, some of those who are associated with it in their various capacities, and guises - please allow me to elaborate. To set the scene, I wish to take you back to a Gartner event...

CIFAS – the UK's Fraud Prevention Service, today released Fraudscape: a report that analyses fraud recorded by over 300 organisations during 2013. While overall fraud levels decreased in 2013 by 11% compared with 2012, analysis in Fraudscape reveals trends, including increases in card, mortgage and loan fraud and a decrease in bank account fraud. Identity related crimes – frauds where criminals misuse the personal data of victims – still accounted for over 60% of all...