Top 10 Stories

Telegraph & Argus: People’s private information could get into the wrong hands because of an IT problem at Bradford Council, the authority’s Conservative group has warned. Councillors working from home are reporting problems with printing from the authority’s secure system, with the documents appearing at printers in colleagues’ houses instead.  

  Bloomberg: The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The agency’s reported decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts....

IT News: The US government on Thursday urged companies to share information with each other about cyber threats and issued guidance making clear that doing so would not violate antitrust laws. The new push comes as many top retailers and other companies have suffered major data breaches. Most recently, the "Heartbleed" bug was found to have exposed personal data to hackers, prompting Facebook, Google and others to take steps to mitigate the impact on their users.    

Threatpost: Cisco patched four different vulnerabilities this week in one of its core operating systems and is now is beginning to look into the potential impact of this week’s Heartbleed vulnerability in at least 60 of its other products. The patches, released yesterday, fix problems in the company’s Adaptive Security Appliance (ASA) software that could have led to privilege escalation, authentication bypass, and opened products running ASA to a denial of service attack. ASA is a family of...

  ZDNet: BlackBerry said it has "no plans" to issue a transparency report in the wake of the leaks that revealed the scope and scale of the U.S. government's surveillance programs. John Sims, BlackBerry's enterprise chief, confirmed at an event in New York that the company will not issue any such report, which is commonly issued by tech companies to disclose how many government data requests it receives on an annual or quarterly basis.    

Sydney Morning Herald: The German software developer who introduced a security flaw into an encryption protocol used by millions of websites globally says he did not insert it deliberately as some have suggested. In what appears to be his first comments to the media since the bug was uncovered, Robin Seggelmann said how the bug made its way into live code could "be explained pretty easily".  

Dark Reading: Microsoft may have officially retired its Windows XP operating system this week, but that doesn't mean power plants and other critical infrastructure networks are dropping the now-unpatchable OS. While there is no official public data on the number of XP systems running in ICS/SCADA environments, experts in that area say it's well represented, as are even older versions of Windows. Running insecure OSs may seem counterintuitive in such sensitive environments as power, gas,...

Tripwire: Achieving a state of regulatory compliance and reducing vulnerability risks to the organization are not the necessarily the same thing as managing your organization’s attack surface, but those two endeavors certainly provide some achievable goals that materially reduce the overall risk profile. While mitigating all possible vectors for preventing all attacks is of course unachievable, there are numerous efforts an organization can make to reduce the probability of being targeted by raising the threshold...

Wired: When ex-government contractor Edward Snowden exposed the NSA’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort. Even Snowden touted encryption as a saving grace in the face of the spy agency’s snooping. “Encryption works,” the whistleblower said last June. “Properly implemented strong crypto systems are one of the few things that you can rely on.” But Snowden also warned that crypto systems aren’t always properly implemented....

Softpedia: Security researcher and public speaker Graham Cluley has taken it upon himself to raise awareness among Apple customers about the Heartbleed SSL flaw widely covered in the media these past two days. Apparently it’s more serious than you’d like to believe. Writing on the Intego Mac Security Blog, Cluley warns that “The Heartbleed Bug is a serious vulnerability that could lead to malicious hackers spying on what were thought to be secure Internet communications.”