Top 10 Stories

Google has issued a new version of Chrome, patching 159 security vulnerabilities and paid out more than $75,000 in bug bounties.   A total of 272 flaws have been patched, although there was no evidence and no reports that any of those issues were ever exploited by anyone. The top bounty was $27,633.70 paid to Jüri Aedla for a vulnerability identified as CVE-2014-3188. That vulnerability could lead to remote code execution and is triggered by a...

The world has only 100 cyber criminal “kingpins” and the law needs to target them.   Speaking to the BBC's Tech Tent, show, Europol Cyber Crime Centre head Troels Oerting said that they are known and if they can be taken out of the equation then the rest will fall down. Although, he added, that this is not a static number, and it will increase.   HE said that the biggest issue facing cyber crime fighters at the...

New research co-funded by the Engineering and Physical Sciences Research Council (EPSRC) will focus on the cyber security of the UK's vital industrial control systems.   The research investment comes from the Engineering and Physical Sciences Research Council and the UK's National Cyber Security Programme. The Centre for the Protection of National Infrastructure (CPNI) and GCHQ are actively supporting the research.   The research teams will work with industry partners to understand and analyse the risks from...

Rackspace has appointed Brian Kelly as Chief Security Officer.   Formerly a Lieutenant Colonel in the US Air Force as well as serving as a consultant to the Department of Homeland Security, Kelly will be responsible for overseeing physical and information security efforts for Rackspace and its customers globally.   Prior to Rackspace, Kelly served as Ernst & Young’s Executive Director and led global advisory services including enterprise risk & compliance, standards assessments, data protection...

A group of white hat hackers have posted a petition calling for reform of both the Digital Millennium Copyright Act (DMCA) and the Computer Fraud and Abuse Act (CFAA).   According to Forbes, they claim that the acts prevent them doing their day job, and prevent proper research into widely deployed and critical technologies.   Jen Ellis, senior director of community and public affairs at Rapid7, called for laws “that protect intellectual property and prosecute cyber criminals in...

The US Government is reviewing two possible scenarios whereby private cloud suppliers and facilitators would receive access to the most sensitive Government data.   The US Department of Defense is particularly interested in collaborating with the private sector on block storage systems and virtual machine management where cloud vendors would lease rack space in data centres run by the department, and provide services entirely from within that secure facility.   An alternative to that Data...

Data on some of police seized tablets and phones is being wiped remotely while they are in police custody.   According to the BBC, Cambridgeshire, Derbyshire, Nottingham and Durham police all told BBC News handsets had been remotely "wiped", while Dorset police said this had happened to six of the seized devices it had in custody, within one year.   The technology used was designed to allow owners to remove sensitive data from their phones if...

Jonathan Hall, who this week claimed to have found the Shellshock flaw on servers at companies including Yahoo, has been visited by the FBI over a possible violation of the US Computer Fraud and Abuse Act.   Hall said he gained access to a server belonging to compression software maker WinZip, and issued a command on the machine that displayed the contents of malicious file on his own monitor. After that, he ran a “kill”...

Hackers are phishing for the source code of numerous tech companies, including Microsoft, Apple, Oracle and Adobe, for use in future advanced, targeted attacks.   Delivering a keynote at MIRcon in Washington DC, FireEye CEO David Dewalt said that the firm has detected an alarming spike in attacks targeting technology companies. He said that hackers are focused on high value targets and one of the most breached areas it sees is high tech.   "Using...

The discovery of the notorious 'state-sponsored' APT1 cyber attack campaign achieved next to nothing.   FireEye chief operating officer Kevin Mandia, formerly founder of Mandiant, said that after its February 2013 reported exposed a Chinese military unit based in Shanghai, and linked it to an unprecedented international cyber spying campaign, codenamed APT1, the impact of the report since it had been published had been negligible.   “Fast forward a year nothing's happened. We didn't have the...