Top 10 Stories

Ruby on Rails developers issued a patch for a SQL Injection flaw.   According to Akamai, the two vulnerabilities affect Rails applications that use PostgreSQL as a database system. The Rails developers released versions 3.2.19, 4.0.7 and 4.1.3 of the framework, and advised users to upgrade as soon as possible. Hours later they released versions 4.0.8 and 4.1.4 to fix a regression caused by the 4.0.7 and 4.1.3 updates. One of the two SQL injection vulnerabilities affects applications running...

Perhaps it is a case of the cybermen objecting to the cyber, but Whovians have websites to avoid after scripts from the new series of Doctor Who were leaked.   According to Mashable, five scripts from the upcoming season made their way to the Internet following a security breach at BBC and now the network is asking fans of the show to look away from spoilers.   According to reports, the scripts from season 8 were...

Singapore is losing an estimated $1.25 billion to cyber crime.   According to research by the Center for Strategic and International Studies (CSIS, it estimated Singapore’s losses to be part of a $445 billion loss incurred by businesses and Governments worldwide. The world’s four largest economies – the United States, China, Japan, Germany – collectively lose $250 billion.   According to Techgoondu, with this figure set to rise with global cyber crime, Governments are beginning to take serious...

The American Transportation Security Administration will ban cellphones or other electronic devices on planes heading for the US if the devices are not charged up.   Under new airport security measures, this will be enforced at some overseas airports. According to BBC news, the UK, France and Germany have all said they would comply with the American demands. Transport officials said in a statement that passengers could be asked to switch on devices, and equipment that does...

A hacker collective called “Green Dragon Crew” said that a recent attack on a Ukrainian bank was done by them.   According to Softpedia, the denial of service attack was conducted for a few hours on June 30th and caused sporadic access to users. However the group claimed that they were able to breach the bank’s systems and obtain access to customers' bank accounts. Russian news outlets said that the bank denied the information about...

Two hackers are claiming to show how they are able to deanonymize Tor users with only $3,000.   At next month’s Black Hat conference in Las Vegas, Alexander Volynkin and Michael McCord, it will demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity. According to the Daily Dot, with “a handful of powerful servers and a couple gigabit links”, thousands of...

The number of “ordinary” internet users who are surveilled by the US Government far outnumber legally targeted foreigners.   According to the Washington Post, and reported by IT News, nine out of ten account holders found in a large cache of intercepted conversations, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else, according to documents provided by Edward Snowden to the paper.   Leaks showed...

The United States Industrial Control Systems Computer Emergency Response Team (ICS-CERT) has urged critical infrastructure firms to check their networks following the news about the Dragonfly attacks.   Capable of Stuxnet-level damage, Dragonfly or Energetic Bear could theoretically cause physical damage to industrial control systems (ICS) and sabotage power plants, reports v3. ICS-CERT has issued guidance which urges firms involved in critical infrastructure to “check their network logs for activity associated with this campaign”. It...

After it was taken down at the start of the week by Microsoft, who sinkholed most of its traffic after it classified it to be hosting “bad” traffic, No IP has now regained control of all 23 domains that were seized by Microsoft on June 30th,.   In an update, it said that the domains are “now back in our control”, and is apologised for the inconvenience that the takedown caused its customers. “Thank you...

A tool used by the NSA to snoop on privacy programs that are commonly used by journalists and dissidents has been detailed.   According to Techworld, the code for XKeyScore was published as part of an investigation by two German broadcasters on Thursday, who claimed that former NSA employees and experts "are convinced that the same code or similar code is still in use today".   The report said that the code enables XKeyScore to track users...