Top 10 Stories

The latest security breach of the Healthcare.gov website underscores the continuing lack of adequate penetration testing and vulnerability assessment conducted on the troubled online health exchange by the federal IT managers and their contractors.   The most recent breach of the Obamacare website, first detected in late August and reported on September 4th, was described by federal administrators as "an intrusion on a test server" involving the installation of malware developed to initiate a denial-of-service...

The UK’s £860 million National Cyber Security Programme has so far failed to deliver the expected economic benefits for businesses, the latest progress report from the National Audit Office (NAO) has found.   On the positive side, progress has been made in getting businesses and consumers to take cyber security seriously, the clutch of educational initiatives have started to address skills shortages, and financial governance of the Programme appears to be good.   On the...

A team of Finnish researchers has discovered that the files encrypted by TorrentLocker ransomware can be decrypted without paying the ransom - if the user has at least one of the encrypted files backed up somewhere, and that file is over 2MB in size. Security experts from iSIGHT Partners have also said that, despite the crooks claiming that the malware uses RSA-2048 encryption, it in fact uses the Rijndael algorithm. Researchers Taneli Kaivola, Patrik Nisén and...

Ever since the Target data breach came into the limelight, there has been a constant stream merchants/retailers publicly disclosing data breach incidents.   According to Trend Micro, in addition to an increased number of data breaches, 2014 also brings an increase in the number of new PoS RAM scraper families.   The earliest evidence of PoS RAM scraping was in Visa’s Data Security Alert issued on October 2, 2008. Back then, cyber criminals attempted to install...

McAfee and Symantec have joined Fortinet and Palo Alto Networks as founding members of the Cyber Threat Alliance.   The alliance was announced in May by Palo Alto Networks and Fortinet and is designed to facilitate the exchange of threat intelligence and co-ordinate anti-hacker efforts between security firms.   Specifically the alliance will see the firms share data on zero-day vulnerabilities, botnet command-and-control (C&C) server information, mobile malware samples and indicators of compromise (IoCs) related...

The European Commission is seeking fresh concessions from Google on how it displays search results on web pages.   According to BBC News, Competition commissioner Joaquin Almunia revealed that he could also open a probe into Google's mobile operating system Android. The dispute has been running since 2010, after rivals, including British price-comparison site Foundem, complained that the way Google displayed results was anti-competitive.   In Europe Google has a 90% share of the search...

London businesses are facing more security incidents—and are paying more in the aftermath of them.   A new report from the London Chamber of Commerce and Industry (LCCI) argues that despite efforts from government and law enforcement, London firms – particularly small and medium-sized enterprises (SMEs) – are still largely oblivious to the ever-more sophisticated methods cyber-criminals are using to steal valuable information.   The report also found that more than 50% of London firms said they have...

A team of researchers say they believe the infamous Heartbleed bug was not the target of widespread attacks before it was publicly disclosed in April.   In a paper titled 'The Matter of Heartbleed', researchers from the University Illinois; University of Michigan; Purdue University; University of California, Berkeley; EECS and the International Computer Science Institute examined the impact of the Heartbleed vulnerability and found no evidence the bug was being exploited before it was revealed publicly five...

A database of what appears to be five million login and password pairs for Google accounts has been leaked to a Russian cyber security internet forum.   According to Panarmenian, the text file containing the alleged compromised accounts data was published late on Tuesday on the Bitcoin Security board. It lists 4.93 million entries, although the forum administration has since purged passwords from it, leaving only the logins.   The accounts are mostly those of...

Advanced cyber attacks are so sophisticated that conventional security tools are unable to cope.   Research by Lieberman Software found that as new cyber attacks continue to emerge, 48 per cent of IT security professionals admit they are not confident that they could detect an attacker attempting to breach their network. According to a survey carried out recently at last year's Black Hat USA conference, the majority of respondents revealed they were confident that their...