Editor's News

The Financial Policy Committee (FPC) is to devise a way of toughening up bank’s cyber defences in the next six months. According to point 13 of the FPC meeting held on 18th September, a report from the Treasury, government agencies and Financial Conduct recommended a programme of work to assess, test and improve the financial system’s resilience to cyber attacks. The minutes claimed that the “the threat had many dimensions and was growing”, and combined with...

A man has been arrested in San Francisco on charges of hacking and operating an underground website that allowed users to purchase weapons and drugs. According to a complaint posted by security blogger Brian Krebs from the 27th September, a warrant was issued for the arrest of Ross William Ulbricht, also known as “Dread Pirate Roberts”, and others for the violation of the narcotics laws of the United States as well as knowingly “combine, conspire, confederate, and agree...

The security director of Yahoo has said that a lack of a formal bug bounty process led to the payment of $12.50 for a cross-site scripting (XSS) vulnerability. In a blog, Yahoo security director Ramses Martinez said that after “an interesting 36 hours” the company has moved to address the issue with payments from $150 - $15,000 set to be introduced from the end of this month, with the payment amount determined by a clear system...

The SSL certificate of Barack Obama’s website has expired during the Government shutdown in the United States. While commentators claimed that the shutdown will not affect national security despite 31,000 of the Department of Homeland Security’s 231,000 staff not being at work, it does seem that priorities on website security may have lapsed. According to Netcraft, as well as Obama’s 12 month SSL certificate expiring, there are at least 30 US Government sites still using SSL certificates that...

Adobe has suffered its second targeted attack in a year, investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorised third party. After a discovery by security blogger Brian Krebs of 40GB of source code, which appeared to be uncompiled and complied code for ColdFusion and Adobe Acrobat, Adobe confirmed that it has been working on an investigation into a potentially broad-ranging breach into its networks since 17th September....

Microsoft will patch the zero-day in Internet Explorer next week among a batch of eight bulletins. On its next Patch Tuesday, the zero-day will be covered along with three other critical issues in Windows and the .Net framework. Also, four important patches will be released for Office, Silverlight and Server Software. Wolfgang Kandek, CTO of Qualys, said: “Microsoft has had a turbulent two weeks since their security advisory KB2887507, which detailed CVE-2013-3893, a zero-day vulnerability in Internet...

Further questions have been raised about the viability of the iPhone 5S’s fingerprint scanner, after research found that it was possible to photograph a fingerprint on a iPhone 4S, print it onto film and use it to access the new device. According to research by Germany’s Security Research Labs (SRL), it is possible to photo an iPhone 4s, and use the spoofed fingerprint to unlock a Thinkpad laptop, a Fujitsu smartphone and an iPhone 5s. In a video...

Organisations could face fines running into millions if the EU's proposed cyber risk directive is passed. Proposed in early 2012 with amendments made this year, it would permit each European Union member state to fine up to two per cent of a company's global revenue for data loss incidents.Dwayne Melancon, chief technology officer at Tripwire, said: “The new EU Directive has the potential to have a huge global impact because it applies to any organisation...

Apple is set to issue a patch for almost 70 vulnerabilities in its iOS 7 software. According to the Guardian, Apple will fix a security flaw in the new mobile device software that allows an attacker to bypass the lockscreen and access personal data. Within hours of the release of iOS7, the flaw was discovered and it gives access to personal data including email, photos, Twitter, Facebook and Flickr via a swipe up in the Control Center function...

A “secret” US intelligence court permitted the US National Security Agency to collect an expanded amount of data about Americans' email, even after finding that the agency systematically exceeded the limits of a smaller program. According to reports, the judge on the Foreign Intelligence Surveillance Court recounted a litany of problems with the first, smaller program, including the NSA collecting more categories of information than had been approved by the court and sharing data more...