Top 10 Stories

Telegraph: The vast majority of electronic spying attacks in 2013 can be attributed to governments, according to a new report. The latest annual Data Breach Investigations Report by Verizon Communications reveals that there has been a three-fold increase in cyber espionage since the last report was published in April 2013.  

Wall Street Journal: A controversial nonprofit educational software company for managing and storing data about school students said Monday it is shutting down over concerns about student privacy. InBloom, which was financed by the Bill and Melinda Gates Foundation and the Carnegie Corporation of New York, had partnered with school districts to collect data on grading and attendance – and make it available for others to look for patterns that could improve student and teacher...

Techcrunch: It’s not just you. Aol Mail was hacked affecting an untold amount of accounts that were seemingly spoofed. The Twitter hashtag#aolhacked is filled with first-hand accounts of spam being sent from either the hacked email account or an email account spoofed to look like the original. Sources close to the company believe the impact was less than 1 percent of all users and that they expect the issue to be quickly remedied.    

SC Magazine UK: The vulnerability was discovered recently by the US University of New Haven's Cyber Forensics Research & Education Group. Researchers found that when WhatsApp users share their location data, it is left unencrypted and can be intercepted through a rogue access point or a man-in-the-middle attack. A video on how it's done using the NetworkMiner network sniffing tool running on Windows is availablehere.    

Naked Security: Earlier this month an Android anti-virus app, named Virus Shield, managed to fool thousands of customers into buying it, despite not having any anti-virus capabilities. The $3.99 app initially appeared to be a hot purchase as it quickly rose to the top of the Google Play Store sales charts beforeAndroid Police discovered all was not as it seemed.  

Threatpost: Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code. The most severe of the vulnerabilities patched...

IT Security Guru: A spike in point-of-sale (POS) intrusions and the plethora of online identities have led to another year of data breaches. Featuring data from 50 global organisations from 1,367 confirmed data breaches and 63,447 incidents, the seventh annual Data Breach Investigation Report (DBIR) from Verizon found that three threat patterns cover 72 percent of the security incidents in any industry: web application attacks; distributed denial of service (DDoS); and card skimming.  

IT Pro Portal: Growing cloud adoption among European enterprises is causing the amount of cyber attacks to mushroom with figures showing that Europe is the worst continent when it comes to the number of attacks against cloud infrastructures. Data from Alert Logic’s Spring 2014 Cloud Security Report showed a “significant increase” in the frequency of strikes against cloud and on-premises environments, with two types of attack in particular seeing an increase.  

Threatpost: The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request final public comments before the generator is officially removed from NIST Special Publication 800-90A, Rev. 1.  

Post Online: According to the recently published Zurich Cyber Risk Report, even cyber security professionals are not clear on how the failure of an organization or of technology could develop to become a system-wide risk. The reliance on information technology has also created a complex web of interconnected risks, the report found.