Top 10 Stories

Cisco has selected Arbor’s Peakflow Threat Management System to deliver DDoS protection, at line rate speeds, on the Virtual Services Module (VSM) blade within Cisco’s ASR9000 Series Aggregation Services Routers. This powerful combination enables service providers, enterprise and Government operators to protect the investments they’ve made in networks, services and application infrastructure by detecting and mitigating DDoS attacks before they impact availability or performance. A spokesperson for Arbor Networks said: “By integrating our DDoS mitigation capabilities...

Airbus Group Innovations UK have been awarded a contract to develop and mature a Virtual Cyber Centre of Operations. As part of Dstl’s Cyber Situational Awareness research project, the contract will see Airbus Group Innovations, the corporate research and technology network of Airbus Group, develop a 3-D virtual world to enable collaboration and shared situational awareness. Dr Kevin Jones, research team leader - cyber operations at Airbus Group Innovations, said “This contract award follows foyr...

A simple yet powerful flaw exists in the Hilton Honors site, that allows anyone to hijack an account just by knowing or guessing its valid 9-digit Hilton Honors account number. Researchers found that once they had logged into a Hilton Honors account, they could hijack any other account just by knowing its account number. All it took was a small amount of changing the site’s HTML content and then reloading the page. After that, they...

The British Judo Association has temporarily shut down its online membership application system following a breach of some member's details. The BJA has warned its members to "remain vigilant and to monitor your credit cards, account statements and similar reports” after an illegal intrusion captured some members' details. A spokesperson told the Register that only a small number were breached, but only the online membership application and renewal system has been compromised, not the main...

More than 700,000 ADSL routers contain serious flaws that allow remote hackers to take control of them. The routers, provided to customers by ISPs around the world, have a “directory traversal” flaw in a firmware component called webproc.cgi, which allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn’t new and has been reported by multiple researchers since 2011 in various router models. Security researcher Kyle Lovett came across the flaw a...

Edward Snowden has warned IT specialists that they are the target of Government surveillance, as they have access to systems and to private records. Appearing via video link from Moscow at the CeBIT IT trade conference in Germany, told delegates that the Government is “looking for the people who are in this room right now”. Speaking on rumours that he wished to return to the USA, Snowden said that he wanted to tell a jury...

Email delivery service Mandrill has warned users that some email-related data may have been exposed after attackers accessed server data. Data that may have been exposed includes internal logs about emails sent, including sender and recipient addresses but not custom metadata or the content of messages. “There’s not evidence that any customer data was queried or exported, but unfortunately we can’t completely rule out the possibility of access,” Brandon Fouts, general manager of Mandrill said...

All of the major browsers fell to hacking efforts at the annual “pwn2own” contest, held this weekend in Vancouver. In all, participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year’s hacking contest, the latest version of all the four major browsers including Microsoft Internet Explorer,...

A vulnerability in a Wordpress plug-in could allow an unauthenticated attacker to store arbitrary HTML, including JavaScript, in the WordPress administrator’s Dashboard on the target system. According to Finnish researcher Jouko Pynnönen, the JavaScript will be triggered when an administrator views the plug-in’s settings panel. No further user interaction is required. “Typically this can be used for arbitrary server-side code execution via the plugin or theme editors. Alternatively the attacker could change the administrator’s password,...

Lockheed Martin and Restoration Partners have created the Lockheed Martin Virtual Technology Cluster (VTC), a initiative to connect a growing number of entrepreneurial innovators in the UK with Lockheed Martin’s global supply chain and cutting-edge technology programmes.   Through the VTC, individuals and small and medium sized enterprises (SMEs) can obtain professional support, guidance and advice plus investment to develop their technologies and find a route to market.   With an initial focus on SMEs...