Top 10 Stories

CrowdStrike has announced the launch of the CrowdStrike Intelligence Exchange Program (CSIX), an initiative that allows vendor partners to access and share threat intelligence to boost the ability to detect and attribute attacks, allows for attack prioritization and provide the end customer with context about the attacks in their environment. According to Infosecurity, CrowdStrike’s CSIX is launching with six partners contributing information: Agiliance, Centripetal Networks, Check Point Software Technologies, Ltd., General Dynamics Fidelis Cybersecurity Solutions, LogRhythm,...

Data has been encrypted on more than 10,000 at a Hong Kong hospital. The data, including details on patients and various research projects, were hit after a flaw was exploited network attached storage maker Synology's software. The South China Morning Post reported that the Centre for Liver Health and Institute of Digestive Disease at the Prince of Wales Hospital had been hit by blackmailers who are demanding 0.6 Bitcoin to decrypt the scrambled files. Hong Police said the...

The Office of the Australian Information Commissioner (OAIC) has released comprehensive guidance on the information security provisions it expects organisations to have in place to ensure they stay on the right side of the Privacy Act.   According to Australia's IT News, the new legislation applies to all entities turning over more than $3 million in a year and states that in the case of a company’s information stores being violated or destroyed, the entity...

FireEye and Fox-IT have jointly launched DecryptCryptoLocker, a new service assisting victims of the CryptoLocker ransomware. Available for free, the service can offer help to the users of machines whose files remain encrypted by CryptoLocker. To use the DecryptCryptoLocker tool, users need to: Identify a single, CryptoLocker-encrypted file that they believe does not contain sensitive information; upload the non-sensitive encrypted file to the DecryptCryptoLocker portal; receive a private key from the portal and a link to...

Vodafone has been named as the first telecommunications provider to be awarded with the Cyber Essentials Plus certification.   The first multi-national firm to be awarded the enhanced version of the Government's cyber security accreditation, the test saw Vodafone's UK customer, internal information and IT systems tested by auditors for compliance with the standard.   The accreditation is part of a two-tier Cyber Essentials Scheme which launched two months ago. The scheme certifies that an...

Malware which lives and works entirely out of a computer's system registry has been detected.   Named Poweliks, the malware cannot be easily detected by traditional methods, as it does not create/install files within the hard-drive of the host Windows systems. Upon infection, Poweliks exploits a vulnerability in Microsoft Word, with the assistance of another specially designed malicious Word file that transmits via email, reported IB Times.   Poweliks is designed to create a new...

The satellite communication equipment on passenger jets can be hacked, according to researcher Ruben Santamarta.   According to the Telegraph, IOActive consultant Santamarta will present at this week's Black Hat conference in Las Vegas, with him claiming that the devices are wide open and the goal of the talk is to help change that situation,   The researcher said he discovered the vulnerabilities by reverse engineering highly specialised software known as firmware, used to operate...

Man-in-the-browser attacks are plaguing businesses, with almost 94 per cent of networks identified as having traffic go to websites which host malware.   According to Cisco's 2014 mid-year security report, businesses are focusing more and more on high-impact and high-profile vulnerabilities than significant threats. By proliferating attacks against low-profile legacy applications and infrastructure with known weaknesses, malicious actors are able to escape detection as security teams focus instead on major vulnerabilities.   The report also...

A significant rise in distributed denial-of-service (DdoS) attacks in Israel has been detected.   According to Arbor Networks, the period of June 1st to August 3rd saw attacks rise, particularly in the first of week of July, where they went from an average of 30 attacks per day to 150 attacks per day. The peak was 429 attacks on July 21st.   In addition to the number of DDoS attacks initiated per day, we also...

Commercial anti-virus products from western vendors have been banned in China.   According to Net Security, Symantec and Kaspersky Lab been dropped from the approved list of security software suppliers, leaving Chinese vendors Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising on the list. There has been no official explanation about this move, but Symantec has denied that their products include "hidden functionality or back doors" for the NSA or any other government entities, and Kaspersky Lab...