Top 10 Stories

British and Israeli academics will take part in a £1.2 million joint cyber security research project announced by the Cabinet Office.   With two teams at Ramat Gan’s Bar Ilan University working with the University of Bristol and University College London, and a University of Kent link-up with the University of Haifa, the collaboration was the result of both countries leading the world in technological work.   The research work is part of an Engineering...

GitHub suffered under an experienced and prolonged distributed denial of service (DDoS) attack that appears to be delivered from China.   “We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating,” the platform’s administrators said in status statement. “The DDoS attack is amplifying again. We are working to mitigate with all hands on deck.   “At this time we’re fully operational but we’re still mitigating...

Hillary Clinton permanently deleted emails from her personal server according to her attorney, the chair of the Benghazi Select Committee said Friday.   Represenative Trey Gowdy, said that not only was the Secretary the sole arbiter of what was a public record, she also summarily decided to delete all emails from her server ensuring no one could check behind her analysis in the public interest.   In a statement, Gowdy said he did not know...

Google has lost a Court of Appeal bid after a group of users claimed that the search giant bypassed security settings on the Safari browser to install tracking cookies on their computers in order to target them with advertising.   The Safari workaround allegedly allowed Google to avoid the Safari web browser's default privacy setting to place cookies. Google had attempted to prevent the action, claiming there was no case to answer because consumers had...

A widespread vulnerability in Google’s Android mobile operating system could affect around half of all current Android device users.   The vulnerability was discovered by Unit 42, the threat intelligence unit at Palo Alto Networks, and could allow an attackers to hijack the installation of a seemingly safe Android application – Android Package File (APK) – on user devices, and replace it with an app of the attacker’s choice, without the user’s knowledge. Once exploited,...

Researchers at High-Tech Bridge have uncovered multiple flaws in the web interface of pfSense, which can be exploited to perform cross-site scripting and cross-site request forgery attacks.   "Successful exploitation of the vulnerabilities may allow an attacker to delete arbitrary files on the system with root privileges, steal administrator’s cookies and gain complete control over the web application and even the entire system, as pfSense is running with root privileges and allows OS command execution...

Amazon has patched a cross-site scripting zero-day vulnerability in its website after it was publicly disclosed.   The two days between disclosure and patch allowed an opportunity for Amazon accounts to be compromised and web browsers exploited.   A Brazilian hacker using the handle @BruteLogic published the flaw to XSSposed.org, saying that Amazon did not pay cash for bug bounty reports. He said that the vulnerability allowed attacks to view Amazon user credit cards and...

Cyber crime is probably the biggest risk facing companies across the world, and businesses need to do more to help Governments tackle the problem.   According to US Deputy Treasury Secretary Sarah Bloom Raskin, “each of us must recognise this risk is perhaps the most pressing operational risk of our time,” she said. “Such an approach creates multiple levels of defence.”   Shorter term "fixes" included sharing information within the sector, focusing on security of...

Two-thirds of companies name regulatory compliance and information security standards as the top reason for securing data in the cloud.   The research by Ciphercloud found that 32 per cent say that unprotected data in the cloud was a primary concern, whilst only two per cent cite malware protection for documents and lack of enough secure cloud file sharing solutions.   Of the 12 vertical industries profiled, healthcare (38 per cent) topped finance (25 per...

A former intern at car manufacturer Tesla is to launch an open source version of the CANard tool that will make it easier to hack into cars. Eric Evenchick's tool will make it cheaper and easier than ever before to get to the innards of a connected car to determine if there are any useful tweaks they can make, or any worrisome security vulnerabilities that more malicious hackers could exploit. Evenchick is hopeful CANard, based...