Top 10 Stories

IT Security Guru: Reuters suffered a “malvertising” incident over the weekend when attackers affiliated to the Syrian Electronic Army accessed the news service via a third party. In an email to IT Security Guru, security analysts from Bromium revealed that hackers spear-phished their way into the advertising network Taboola initially, which as a trusted service allowed them to deface Reuters’ website and access Taboola services.  

Threatpost: Users who visit AskMen.com, a men’s entertainment and lifestyle portal, are being hit with malicious code, potentially stemming from the Nuclear Pack exploit kit, researchers announced today. When a user stumbles across the site – or a localized version (aus.askmencom, etc.) of it – malicious code is loaded automatically and the user is redirected to another website.  

Wall Street Journal: The U.S.’s secret surveillance court is unaccountable to the public and not “inclined to promote justice,” Microsoft’s top lawyer said Wednesday. General counsel Brad Smith said the Foreign Intelligence Surveillance Court, which reviews applications and appeals involving U.S. government data-collection efforts in the name of national security, acts unlike most other courts because “only one side gets to tell its story.” The surveillance court also effectively creates law “that the American public is...

Infosecurity: Microsoft’s anti-malware engine has a serious flaw in it that could lead to a distributed denial-of-service (DDoS) attack. The Microsoft Malware Protection Engine ships with several Microsoft anti-malware products, including Windows Defender, Security Essentials and Forefront Client/Endpoint Security – and users should apply the patch that Microsoft is releasing as soon as possible to rectify the situation.  

Microsoft: It is impossible to completely prevent vulnerabilities from being introduced during the development of large-scale software projects. As long as human beings write software code, mistakes that lead to imperfections in software will be made – no software is perfect. Some imperfections simply prevent the software from functioning exactly as intended, but other bugs may present vulnerabilities.  

Dark Reading: More than one-third of data breaches aren't detected for hours, and recovering from a breach takes anywhere from days to months, a new survey says. "The mean time to respond is the focus now," says Paul Nguyen, president of global security solutions for CSG Invotas, which sponsored the survey conducted by IDC. "We've seen a significant rise in the volume of incidents corporations have to deal with. This increasing tide has caused a...

BBC: A security firm has reported uncovering evidence of cyber-thieves robbing more than 190 customers of a European bank. Kaspersky Lab said it had detected a computer server in January being used to co-ordinate an attack that appeared to have snatched more than 500,000 euros ($700,000; £400,000) over the course of a single week.  

IT News: Australia's national auditor has found seven of the country's largest federal government agencies are vulnerable to external cyber attacks thanks to weak security provisions. The Australian National Audit Office (ANAO) assessed the compliance of a select handful of agencies against the mandatory ICT security strategies demanded by Australian Government Information Security Manual - which the Australian Signals Directorate has previously said would prevent at least 85 percent of targeted cyber intrusions if implemented fully.    

BBC: "There is no programme of mass surveillance and there is no surveillance state," Home Secretary Theresa May has said. Speaking at the Lord Mayor's Defence and Security Lecture at Mansion House, in the City of London, Mrs May dismissed recent criticism of the activities of the security services.  

Tweaktown: Companies and enterprises are seeing the negative impact of cybersecurity issues, such as data breaches can cause, but aren't using information protection strategies to help combat the problem, according to a recent survey published by CSO Magazine and PwC.   Three out of four companies experienced some type of security problem in the past year, with an average of 135 incidents per company. To make matters worse, improving cybersecurity still isn't company priority when compared to other day-to-day...