Cyber criminals have targeted government officials in more than 20 countries in a complex online assault rarely seen since the turn of the millennium. The attack, dubbed ‘MiniDuke’ by researchers, has infected government computers in an attempt to steal geopolitical intelligence, according to security experts.
News
Facebook and Apple are the latest companies to fall victim to cyber-attack
Facebook and Apple have become the latest companies to reveal they had been the target of a “sophisticated cyber-attack” by hackers last month. Although security was breached both companies confirmed that they had found no evidence any user data had been compromised.
In a blog post on its website Facebook explained what it knew of the cyber-attack:
Bamital botnet shut down by Microsoft and Symantec anti-virus specialists
A botnet that was believed to have illegally infected somewhere between 300,000 and 8 million machines and was raking in an estimated $1 million a year has been shut down by security experts. The Bamital botnet was shut down when teams working with Microsoft and Symantec anti-virus specialists raided several data centres in the US. Microsoft and Symantec claim that the computers infected by the Bamital botnet were being used illegally for identity theft. Thousands of affected users have been offered free tools to help to clean up infected machines.
The UK signs up to a new multi-national cyber-resilience partnership
Last weekend the Foreign Secretary, William Hague, signed up to a new World Economic Forum set of principles on cyber-resilience on behalf of the UK government. The UK has joined 70 companies and government bodies across 25 countries and 15 sectors in demonstrating their commitment and determination to taking a responsible and collective approach to ensure secure, resilient digital global networks that are safe, yet open to all.
Microsoft’s cyber-security report rethinks the global web landscape
Here’s a question for you. Which continent is better prepared to cope with cyber-security issues, the United States, Europe or Africa? Well, Microsoft believes that Western Europe is best equipped to deal with the problems, closely followed by the United States. Unfortunately the developing world lags far behind, and that could have security implications for all of us.
Has Oracle’s Java 7 update patch finally removed the security vulnerabilities that have been exploited by hackers?
It’s been a torrid old time for Oracle over the last few months. Targeted by hackers, Oracle has rarely been out of the news. There were hopes that the recently-released Java 7 Update 11 would solve the problems once and for all, unfortunately the patch, which was meant to mitigate two zero-day vulnerabilities in Java that were being actively exploited by attackers, has not delivered according to cyber-security experts. They maintain that all that has happened is that the threat has been relocated, and therefore that Java is still vulnerable.
The hunt for ‘Red October’ is finally over according to malware researchers at Kaspersky Labs
The hunt for a major cyber-attack that could have been stealing confidential documents since 2007 is finally over after the Red October malware was discovered by researchers at Russia’s Kaspersky Labs. The malware had been targeting government institutions, embassies, oil and gas institutions and nuclear research centres. Red October, named after the Russian submarine featured in the Tom Clancy novel The Hunt For Red October, was designed to steal encrypted files, and was so sophisticated that it was even able to recover files that had been deleted. Experts are hailing the discovery as ‘very significant’.
Microsoft admits that millions of new computers could be infected with malware
If you ever wanted proof that website security is a major issue, or that hacking and cyber-attacks are a serious global problem, then you need look no further than the statement issued by Microsoft recently. Microsoft, the world’s largest software producer, has admitted that hackers have uploaded viruses and malware which can help them steal people’s personal data on to millions of new PCs and laptops. After an investigation the company revealed that it had found malware in counterfeit copies of Microsoft Windows which would allow hackers to remotely switch on and control devices like microphones and cameras on machines that were still factory-sealed.
Small firms face a greater cyber-security risk than their larger competitors
We often read headlines in newspapers declaring that UK businesses are suffering as many as 1,000 cyber-attacks an hour, but which businesses are most at risk from hackers? The majority of us would probably suspect that it is the largest organisations; after all they are more likely to have the most-valuable information that will prove to be attractive to hackers.
What exactly are the requirements of Payment Card Industry Data Security Standards (PCI DSS)?
Most businesses will be aware of the vital importance of spotting security vulnerabilities within their network and applications, and many will also be aware that they will need to carry out a network penetration test to help them comply with the Payment Card Industry Data Security Standard (PCIDSS) requirements. Understandably many SMBs will look to find the cheapest and quickest way to comply with the required standards. However, some businesses might be surprised to learn that the service they are paying for isn’t necessarily what they think it is. PCI DSS is explicit in its requirement that a penetration test has to be performed, but it is rather vague when it comes to explaining what methods need to be employed when performing testing.