Editor's News

fresh espionage campaign named “Icefog” has been uncovered by Kaspersky Labs, which hit targets in South Korea and Japan and had hosted command and control servers in Asia and the United States. Described as a small yet energetic advanced persistent threat (APT) group, researchers at the company believed that it began operations in 2011 and based on the list of IP addresses used to monitor and control the infrastructure, Kaspersky Lab’s experts believe that some...

Three major US data providers have confirmed that they were breached after attacks were linked to groups who sell stolen social security numbers and other sensitive information. After the details of the breaches were announced by security blogger Brian Krebs this week, the companies involved - Dun & Bradstreet Corp, Altegrity Inc's Kroll Background America Inc and Reed Elsevier's LexisNexis Inc – were all compromised by a group that sold stolen data. An FBI spokeswoman said the...

Around half of employees have not signed a non-disclosure agreement (NDA) with their employer, nor were unsure whether they had. According to a survey by Varonis of 120 companies at Microsoft TechEd events in June, 44 per cent had not signed an NDA, while 29 per cent admitted to deleting data upon leaving a job. Speaking to IT Security Guru, director of inbound marketing at Varonis Rob Sobers said that this shows that businesses do...

CESG, the Information Security arm of GCHQ, has announced that it is extending its CESG Certified Professional scheme (CCP) to the private sector to allow all information assurance (IA) and cyber security professionals to be certified. After its launch last year, the CCP has helped some 900 government employees and external service providers achieve CCP certification. Running in parallel with the IISP’s own professional development and certification programme and allows candidates to achieve Practitioner, senior...

More than half of set of surveyed senior IT security professionals said that they were unsure whether their IT staff could detect the presence of an attacker who was attempting to breach their network or extract private data. According to a survey of nearly 200 professionals by Lieberman Software, 52 per cent said that they were “not confident” that that their IT staff could detect the presence of an attacker who was attempting to breach...

The Ministry of Defence (MoD) is to recruit hundreds of cyber specialists to help defend the UK’s national security and be able to launch strikes to enhance the UK’s range of military capabilities.   According to defence secretary Philip Hammond, the MoD will “recruit hundreds of computer experts as cyber reservists to help defend the UK’s national security” as part of a new Joint Cyber Reserve. This will see “reservists” working alongside regular forces to...

The United States of America could leave itself open to attack with more than 30,000 Department of Homeland Security employees set to stay at home due to the budget stalemate. With the two sides of Congress failing to agree on a budget, the nation has gone into a partial shutdown which will leave 700,000 federal workers staying at home national parks, museums, federal buildings and services closed down. Among the affected divisions are the departments...

Plans to better prepare the UK’s cyber defences have been met with conflicting opinions. The Ministry of Defence (MoD) announced plans to recruit “reservists” to work alongside regular forces in the creation of the new Joint Cyber Reserve Unit, who will also have the ability to make offensive strikes. Speaking to IT Security Guru, Dave Anderson, senior director at Voltage Security, said that he saw the positive side of this as it would attract new blood into...

The ZeroAccess botnet, which has control of around two million endpoints, has begun to be sinkholed with around a quarter of its connections removed. The actions by Symantec researchers, after it found a weakness that offered a complicated method to sinkhole the botnet, have allowed it to detach over half a million PCs in only five minutes. In its work, Symantec spotted the flaw in an update in its peer-to-peer command and control (C&C) architecture, a...

The Financial Policy Committee (FPC) is to devise a way of toughening up bank’s cyber defences in the next six months. According to point 13 of the FPC meeting held on 18th September, a report from the Treasury, government agencies and Financial Conduct recommended a programme of work to assess, test and improve the financial system’s resilience to cyber attacks. The minutes claimed that the “the threat had many dimensions and was growing”, and combined with...