Editor's News

An analysis of security vulnerabilities in Small Office/Home Office (SOHO) wireless routers carried out by Tripwire shows that critical security vulnerabilities are endemic across the entire SOHO wireless router market.  The research, that surveyed 653 IT and security professionals and 1,009 employees who work remotely in the U.S. and U.K showed that a surprising number of IT professionals  and employees who work remotely do not use basic security controls to protect their wireless routers. Tripwire’s...

RSA, the security division of EMC, researchers have recently traced a forum post leaking the iBanking mobile bot control panel source-code. Apart from the server-side source-code, the leaked files also include a builder (a bash script) that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application.   iBanking mobile bot is a relative new-comer to the mobile malware scene, and...

AlienVault researcher identifies Yara rules for detecting Careto malware components Last week, Kaspersky Lab released their research (Unveiling "Careto" - The Masked APT) on a fresh APT campaign, which is supposed to have been running for several years. The campaign has different pieces of malware designed for Windows and OSX systems, and also clues of components for Android and iOS devices. The main targets of this campaign are thought to be government, diplomatic and research institutions, as well as private...

Apple apps are more risky than Android when it comes to location tracking, sharing data with third parties and weak authentication. According to analysis by Appthority of 400 paid and free apps offered for both iOS and Android, 95 per cent of the top 200 free apps on iOS and Android exhibit at least one risky behaviour. While 80 per cent of paid-for apps demonstrate risky behaviour, Appthority said that iOS apps are riskier overall...

Cyber Ark is offering a free trial of a new tool that can identify and map exposed password hashes and vulnerable machines on a network. According to the company, CyberArk DNS (discovery and audit) is a patent-pending, lightweight, stand-alone tool that exposes the magnitude of privileged account security risks by enabling organisations to easily identify and analyse all privileged accounts across their network. CyberArk DNA v4 free trial licenses are currently available to all businesses...

Identity fraud figures demonstrate continued danger says CIFAS Analysis of the fraud figures recorded during 2013 by organisations that share confirmed fraud data through CIFAS – the UK's Fraud Prevention Service demonstrates that identity fraud remains the biggest fraud challenge facing the UK. While overall fraud levels decreased in 2013 by 11%, there were still over 108,500 confirmed identity frauds: which represents almost 1 in 2 of all frauds (49%). Old favourite is the new...

FC Barcelona’s Twitter account was hijacked by the Syrian Electronic Army last night, who sent messages to more than 11 million followers. While the team won 2-0 away at Manchester City, the army took control of the team’s official account, urging the management of the team not to accept Qatari money, and later said “special hi” to rivals Real Madrid. Barca previously refused to wear any corporate sponsorship on their kit, but signed a £123...

The NHS has announced plans to delay its Care.data scheme by six months after concerns were raised about patient privacy.   The decision was made by the Royal College of General Practitioners (RGCP), the British Medical Association (BMA) and Healthwatch who were concerned about sharing patient records through a central database and called for improved public awareness of the implications of the plan.   According to Computer Weekly, the Care.data scheme proposes to upload all patient records...

AlienVault has announced new partners to its open threat exchange (OTX) program.   Added are Cegeka, GoGrid, Netflow Logic, Onsight, Risk I/O and ThreatStop, while Spiceworks has already integrated the OTX into its service for the benefit of 100,000 users with over 1.4 million threat alerts in January alone. The OTX partner member program provides access to the world’s largest crowd-sourced and collaborative threat exchange, enabling partners to utilise the AlienVault OTX API and gain...

More than 300,000 user credentials were published on Pastebin over the past year, with an average leak containing 1,000 user credentials.   According to research by High-Tech Bridge, Pastebin is commonly used to share text online and is often used by programmers sharing software code, while administrators are often removing records containing stolen information as fast as they are put on the site.   Of what is posted on Pastebin, 40 per cent is email details...