Editor's News

Adobe has suffered its second targeted attack in a year, investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorised third party. After a discovery by security blogger Brian Krebs of 40GB of source code, which appeared to be uncompiled and complied code for ColdFusion and Adobe Acrobat, Adobe confirmed that it has been working on an investigation into a potentially broad-ranging breach into its networks since 17th September....

Microsoft will patch the zero-day in Internet Explorer next week among a batch of eight bulletins. On its next Patch Tuesday, the zero-day will be covered along with three other critical issues in Windows and the .Net framework. Also, four important patches will be released for Office, Silverlight and Server Software. Wolfgang Kandek, CTO of Qualys, said: “Microsoft has had a turbulent two weeks since their security advisory KB2887507, which detailed CVE-2013-3893, a zero-day vulnerability in Internet...

Further questions have been raised about the viability of the iPhone 5S’s fingerprint scanner, after research found that it was possible to photograph a fingerprint on a iPhone 4S, print it onto film and use it to access the new device. According to research by Germany’s Security Research Labs (SRL), it is possible to photo an iPhone 4s, and use the spoofed fingerprint to unlock a Thinkpad laptop, a Fujitsu smartphone and an iPhone 5s. In a video...

Organisations could face fines running into millions if the EU's proposed cyber risk directive is passed. Proposed in early 2012 with amendments made this year, it would permit each European Union member state to fine up to two per cent of a company's global revenue for data loss incidents.Dwayne Melancon, chief technology officer at Tripwire, said: “The new EU Directive has the potential to have a huge global impact because it applies to any organisation...

Apple is set to issue a patch for almost 70 vulnerabilities in its iOS 7 software. According to the Guardian, Apple will fix a security flaw in the new mobile device software that allows an attacker to bypass the lockscreen and access personal data. Within hours of the release of iOS7, the flaw was discovered and it gives access to personal data including email, photos, Twitter, Facebook and Flickr via a swipe up in the Control Center function...

A “secret” US intelligence court permitted the US National Security Agency to collect an expanded amount of data about Americans' email, even after finding that the agency systematically exceeded the limits of a smaller program. According to reports, the judge on the Foreign Intelligence Surveillance Court recounted a litany of problems with the first, smaller program, including the NSA collecting more categories of information than had been approved by the court and sharing data more...

Online dating site Cupid Media was hacked earlier this year, exposing 42 million user details which included unencrypted passwords. According to security blogger Brian Krebs, the intrusion on the Australian website was found after the data was found on the same server as the data from the Adobe attack. Krebs said that this included names, email addresses, unencrypted passwords and birthdays of 42 million users which the company said was from a breach in January...

Yahoo has announced it is to encrypt all communications and information flowing into the internet company's data centres around the world. Following news that the National Security Agency had been hacking into the communications lines of the data centers run by Yahoo and Google to intercept information, Yahoo has now said it plans to have all data encrypted by the end of March 2014. Yahoo CEO Marissa Mayer wrote in a Monday post on the...

The forum of vBulletin was illegally accessed last week, but the website has denied that attackers exploited an unpatched zero-day vulnerability to achieve the hack. According to a new comment by vBulletin's techical support lead Wayne Luke, he said that evidence from attackers Inject0r team has led it to believe that it was not down to a zero-day vulnerability in vBulletin. “These hackers were able to compromise an insecure system that was used for testing...

New fake profiles on LinkedIn are being used to entice users to a bogus recruiter. According to research by BitDefender, the faux recruiter is named ‘Annabella Erica’ and her profile contains a link which has been featured on a number of legitimate LinkedIn groups, including the 167,000-strong Global Jobs Network. BitDefender told PCR that some of the websites that ‘Annabella’ links through to include malware-ridden code that attempts to harvest the personal data of unsuspecting...