Top 10 Stories

A new version of the Dofoil botnet has been detected, which is deemed to be “much more dangerous and aggressive than before”.   According to research by Fortinet, Dofoil, also known as Smoke Loader, is a modularised botnet that has existed for a few years but not seen any new variants recently.   However in September 2014, Fortinet received a brand new Dofoil variant which carries more features, including encrypted communication, several checks to detect...

Three people have been arrested by Beijing police, linked to developing the “WireLurker” malware.   Local authorities arrested the three suspects on a tip from Chinese security company Qihoo 360 Technology, the Beijing police’s Internet security team said Friday.   Only the surnames (Chen, Li and Wang) were released of the three, who were detained on Thursday and charged with creating and spreading the malware, the police said in a post on its official Sina Weibo account....

As many as five Iranian organisations were the primary targets of the Stuxnet campaign.   With one described as the “patient zero” of the 2010 global epidemic, researchers were able to work out the identities of the initial targets of the 2009 and 2010 Stuxnet versions because of a quirk of the worm.   The five Iranian organizations in question were industrial automation systems manufacturer Foolad Technic Engineering; SCADA/PLC firm Behpajooh; Neda Industrial Group; Control-Gostar...

The Alliance of Automobile Manufacturers and the Association of Global Automakers have published the “Consumer Privacy Protection Principles”, a privacy document for protecting data collected through in-car technologies.   With representation from major manufacturers such as Ford, BMW, Mercedes-Benz and Toyota, the letter to FTC Chairwoman Edith Ramirez said that the principles coincide with the associations' existing commitments to the National Highway Traffic Safety Administration (NHTSA).   The new framework, which offers “baseline privacy commitments”...

The United States State Department has shut down its unclassified email system in the wake of a suspected attack. According to a senior department official, after "activity of concern" was detected in the system, none of the State Department's classified systems were affected but it could be linked to the attack on the White House computer network in October. It was claimed that its worldwide email was shut down late on Friday as part of...

The US Postal Service breach serves as another example of the vulnerabilities found in federal IT systems. According to Senator Tom Carper, of the Senate Homeland Security and Governmental Affairs Committee, this is an opportunity to garner support for cyber legislation that has repeatedly become a back-burner issue on the Hill. He said that the incident should remind agencies to put stronger cyber protections in place and remind Congress "of the very real and growing...

A Chinese hacking group, believed to be affiliated with the Chinese Government, has penetrated Australian media organisations ahead of this weekend's G20 meeting. Dmitri Alperovitch, co-founder of CrowdStrike, told the ABC's 7.30 program that the group "Deep Panda" is the same group who were outed as spying on the networks of US foreign policy think tanks. Now, Deep Panda is targeting Australian media organisations in an attempt to understand the domestic media climate when Chinese...

Microsoft has acquired enterprise security vendor Aorato to boost its network security offering.   Offering sophisticated technology which uses machine learning to detect suspicious activity on a company’s network, it understands what normal behaviour is and identifies anomalies, so a company can quickly see suspicious behaviour and take appropriate measures to help protect itself.   According to Microsoft, this acquisition will give customers a new level of protection against threats through better visibility into their...

MasterCard and Visa have announced plans to replace their online security systems with a more user-friendly solution.   According to the Guardian, MasterCard SecureCode and Verified by Visa will be replaced with a new system which reduces the reliance on passwords.   Eventually, cardholders will be able to identify themselves with one-time passwords or fingerprint biometrics, or even a wristband which authenticates a cardholder through their unique cardiac rhythm.   A spokesperson for the PCI security...

A laptop containing the personal details of 125,000 potential and current students at Staffordshire University has been stolen from a staff member’s car.   Data included the address, telephone number and email details for applicants dating back to 2006, although the university said that files are password protected.   The university said it has carried out a review of security and will be doing "essential training" to ensure all staff are aware of their data...