Top 10 Stories

Researchers claim that they have been able to reprogram USB drive firmware with malicious code.   According to The Register, code executed by the gadget's micro-controller cany install malware on a PC or redirect network traffic without a victim knowing. Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, spent months analysing the software and micro-controllers embedded in particular USB devices, and said they have found they could reliably hide, in the flash...

A New York judge has ordered Microsoft to hand over Department of Justice emails which are stored in its Irish data centre. According to eweek, Microsoft has vowed to appeal the ruling and has support from Verizon, Cisco, Apple and the Electronic Frontier Foundation (EFF), who have all filed amicus briefs in support of the Redmond company.   Microsoft was originally ordered on July 31st to comply with a U.S. Department of Justice warrant to produce emails...

More industries are being hit by the infamous and prolific cyberspying operation known as Energetic Bear, or DragonFly.   According to Kaspersky, the group behind this have been busy over the past few months and the closer researchers dig into its operations, the bigger and more expansive its reach appears, reports Dark Reading.   In its in-depth report on the attack campaign, Kaspersky said it has infected more than 2,800 known victims around the globe,...

The CIO of the Canadian Govenrnment has said that it could take a year to recover from a ‘sophisticated’ state-sponsored actor.   The nation said in a statement that “every step is being taken to minimize disruption” but a separate statement by the Government of Canada CIO went further, claiming the attack was perpetrated by a “highly sophisticated Chinese state-sponsored actor”.   China denied any part in the attack, and called the allegations “groundless”, according to Infosecurity...

The Russian Government has asked Apple to hand over source code for inspection to ensure that the iPhone maker is not complicit in enabling U.S. intelligence services to spy on the world's largest country.   After Russian Communications Minister Nikolai Nikiforov made the same proposition to SAP, ohe suggestion came during a meeting between Nikiforov, Peter Engrob Nielsen — Apple's top Russian executive — and SAP managing director Vyacheslav Orekhov, according to Apple Insider. "Edward...

Facebook has fixed a vulnerability in its Android app, which could allow an attacker to cause a denial-of-service on a device or transfer large amounts of data to and from the device, incurring large data charges.   According to Threatpost, the flaw existed in the way that the Facebook app handled HTTP requests as the server will accept requests from any client, which leads to the vulnerability.   The update from Facebook also fixes a pair of...

Security specialists at Georgia Tech Research Institute (GTRI) have developed an open source intelligence gathering system that aims to give cybersecurity teams advance warning of pending attacks.   Named BlackForest, the system collects information from the public internet, including social media, hacker forums and other sites where malware authors and others gather, according toGCN.   Connecting the information and relating it to past activities can let organizations know they are being targeted, help them understand...

Global energy cyber security company Nation-E is building an Energy Cyber Security Center, to be opened in Israel later this year. According to Infosecurity, this will be dedicated to protecting critical infrastructure and include an Energy Cyber Security Training Arena, simulating real-world energy crises and having a goal of providing the world’s largest energy devices performance database for testing, certifying and commercialising energy innovations. The aim is that teams from global industries and Government organisations will...

Blackberry has entered into an agreement to acquire Secusmart, a German voice and data encryption firm that specialises in “anti-eavesdropping” services for government agencies, corporate customers, and telecommunications providers.   According to Arstechnica, the two companies have already collaborated to produce Secusmart-equipped BlackBerry phones for German government agencies and leadership, while Secusmart’s technology meets NATO standards for “NATO restricted” communications.   The German Government has certified the technology for classified communications and the company has used its “Made...

A review of 17 major anti-virus engines and products has found dangerous local and remotely-exploitable vulnerabilities in 14 of them.   According to research by COSEINC and reported by the Register, the analysis also suggests that anti-virus companies fail by requiring overly extensive privileges, not signing product updates and delivering those over insecure HTTP, running excessive old code and not conducting proper source code reviews and fuzzing.   Anti-virus engines which were built in C...