Top 10 Stories

Retailer Nisa has suffered a major leak of its members’ data which has left information including stores’ trading performances and staff details vulnerable.   According to The Sunday Times, the leak was found by an employee, who pointed to a spreadsheet which had been doing the rounds containing shareholders’ addresses, phone numbers and online passwords. It is also believed other sensitive information including stores’ trading performances and staff details have also been left open to...

A series of patches for the Bash/Shellshock Unix flaw were released on Friday.   Vendor Red Hat said that the threat from Shellshock was receding now that patches had been issued for most operating systems affected by the bug, reported the Register.   Red Hat said that it had now issued new patches for the bot, after its first round of fixes proved to be incomplete. The company's security engineer Huzaifa Sidhpurwala explained that the flaws in...

Following warnings about the Shellshock/Bash vulnerability, multiple attacks have already begun to be spotted which take advantage of it.   According to Wired, the flaw is being used to infect thousands of machines with malware designed to make them part of a botnet. In at least one case, the hijacked machines are already launching distributed denial of service (DDoS) attacks that flood victims with junk traffic.   Also, rather than writing their own attack program,...

Apple has released an update to fix a flaw in the last update released this week.   After the previous update caused problems for users, users can now download and install iOS 8.0.2 that fixes an issue which affected iPhone 6 and iPhone 6 Plus users who downloaded iOS 8.0.1.   Apple apologised in a statement “for inconveniencing the iPhone 6 and iPhone 6 Plus users who were impacted by the bug ."    

The FBI and the Department of Homeland Security are warning of a heightened danger of insider threats to cyber security, stemming from disgruntled and/or former employees.   According to Infosecurity, the FBI and Department of Homeland Security have deemed that “disgruntled and former employees pose a significant cyber-threat to US businesses due to their authorized access to sensitive information and the networks businesses rely on”.   US-CERT also provided a list of handy tips to protect against...

Symantec has given interim CEO Michael Brown the job on a full time basis.   After he took the reins on following the departure of then-CEO Steve Bennett, around 100 people were apparently considered for the job.   Highlighting growth for its enterprise business, Brown outlined in the report that Symantec's ongoing investments hone in on five key assets: backup appliances, mobile, advanced threat protection, managed security services and data loss prevention.    

The risk of malicious ad networks infecting end users has been detailed in research presented at the virus Bulletin conference.   The research by Bromium explained how a malicious ad network on YouTube would deliver obfuscated JavaScript code through Flash movies. The code added an iframe to redirect users to a malicious URL serving the Styx exploit kit, a well-known banking Trojan.   In the past six months, the percentage of malicious pages detected on...

Former hacker Kevin Mitnick has added a new branch to his consultancy business,with a service offering high-end zero-day exploits to corporate and Government clients.   According to Wired, Mitnick says he’s offering exploits developed both by his own in-house researchers and by outside hackers, guaranteed to be exclusive and priced at no less than $100,000 each, including his own fee.   Mitnick declined to name any of his customers, and wouldn’t say how many, if...

The BlackEnergy malware is continuing to hit targets in Poland, Ukraine and Belgium, as a new ‘Lite’ version of the malware has been detected.   A popular DdoS Trojan, it gained notoriety in 2008 when it was reported to have been used during the Russia and Georgia conflict, when it was apparently used to launch cyber attacks against the infrastructure of Georgia.   The BlackEnergy malware was authored by a Russian hacker and originally used for...

Apple pulled an update for iOS 8 just an hour after its release, following customer complaints.   Released to fix a series of issues, users complained that it meant that they lost phone signal, leaving them unable to make calls. Others said the Touch ID feature, which allows people to unlock their iPhone using their fingerprints, no longer worked.   In a statement, Apple said: "We have received reports of an issue with the iOS...