Top 10 Stories

Microsoft's search engine Bing has started taking requests for the removal of links to pages under the EU 'right to be forgotten' ruling.   According to the Telegraph, after Google began removing links at the end of June, including several relating to Telegraph articles, Microsoft's form is a four-part questionnaire. Microsoft advises those interested in completing the questionnaire that it will "help us to consider the balance between your individual privacy interest and the public interest in protecting...

60 per cent of IT teams speak to their executive team about cyber security, while 54 per cent do not educate their employees on cyber security.   According to a study of 5,000 global security professionals by Websense and the Ponemon Institute, 58 per cent want their company to invest more in skilled personnel and technologies to be effective in executing against their company’s cybersecurity objectives and mission, and a third (36 per cent) would completely...

Oracle has released a flood of security patches affecting a wide array of its products.   In all, Oracle has released some 113 security fixes in its July Critical Patch Update, addressing holes in products, including security patches for Java.   In total, Oracle’s security update is said to fix 20 vulnerabilities in Java, all of which can be exploited by remote hackers bent on breaking into and compromising your iMac or MacBook, according toIntego.

A flaw in Microsoft's Active Directory (AD) software could allow an attacker to change a victim's password and, ultimately, access a range of enterprise services.   According to SC Magazine, the attack method could open widely used Microsoft software to unauthorized access. Active Directory, deployed in 95 per cent of all Fortune 1000 companies, enables by default an older authentication protocol called NTLM.   By using a free penetration testing tool, such as WCE or Mimikatz, an attacker could easily...

As attackers target the supply chain, is it time to think about inspecting imported hardware and software?   After a spate of stories about products shipping with malware, a Veracode blog asked “Is it time for random audits to expose compromised supply chains?” If backdoors pre-loaded on your switches and routers aren’t scary enough, this week, the firm TrapX issued a reporton a piece of malicious software they called “Zombie Zero.” TrapX claims to have found...

Canadian telco Rogers has updated its privacy policy to reflect last month’s Supreme Court of Canada Spencer decision.   According toMichael Geist, the company will now require a warrant for law enforcement access to basic subscriber information (with the exception of life threatening emergencies), a policy that effectively kills the government’s Bill C-13 voluntary disclosure provisions.   Rogers said in an update: “After hearing your concerns and reviewing the Supreme Court ruling from last month, we’ve decided...

New research suggests that password re-use must be part of a user’s strategy to manage a large number of log-ins.   According to apaperon sustainably managing large numbers of accounts, users should focus strong password use on websites of higher value such as banking or health care, and re-use weaker passwords at will on sites where potential losses would be minimal.   As reported byThreatpost, “while password re-use must be part of an optimal portfolio...

The group who successfully hacked into the systems of CNET were willing to sell the information gained for as little as one Bitcoin (roughly $620).   According to Softpedia, the attackers stole usernames, emails and encrypted passwords. A representative from CBS Interactive, which owns the CNET publication, admitted that the servers had been accessed by an attacker and said that the issue had been identified and eliminated, but they would keep their eyes on the matter. W0rm did...

The Director of the Pentagon’s Missile Defense Agency reported to the Congress last week that missile defences deployed by the US Army are vulnerable to cyber attacks.   According to Security Affairs, the director has confirmed that a cyber attack could disrupt the sophisticated networks of sensors and guidance systems use in missile defences to target enemy missiles.   In 2008, attackers successfully breached the U.S. Central Command in Afghanistan with an infected flash drive as an attack vector, in that circumstance The...

The Data Retention and Investigatory Powers Bill will complete its passage through the lower chamber within a week after it was voted through by Government last night.   Making its move to the House of Lords today, the plans are supported by the three main parties and the Government won a large majority of 387 on its proposed Commons timetable for the legislation, as MPs agreed by 436 votes to 49 to complete consideration of...