Call 01865 845 700
Google+ account Linkedin account Twitter account YouTube account


NOV 13th 2017
SC Magazine

Windows Movie Maker scammers leverage Google SEO

While SEO best practices help brands reach the widest possible audiences by garnering more web traffic, these same tactics can also be leveraged to help cyber-criminals reach the most victims.

In the case of a Windows Movie Maker scam, cyber-criminals used their SEO skills to drive a modified version of the now defunct software, delivered from the bad guy's site, to the top of Google's rankings resulting in the malware quickly spreading. When downloaded the malware does nothing to the computer, but attempts to convince the victim to buy the "full" version of the software for $29.95 (£23).

The threat actors do such a good job of SEO that the modified version of Movie Maker also placed first on Bing, which has the second largest global market share and on the first page of other search engines, ESET researchers said in a 9 November blog post.

The once popular free-editing software was discontinued by Microsoft in January 2017, but evidently not everyone received the news as searches have continued resulting in the malware being downloaded in Israel, the Philippines, Finland and Denmark. Researchers said that as of 5 November the malware was the third most detected threat worldwide and the number one threat in Israel.

NOV 10th 2017
BBC News

Apple fixes iPhone letter 'i' bug

Apple has addressed a glitch that caused some iPhones to unexpectedly start auto-correcting the letter "i" to a capital "A" and a question mark.

The issue emerged when people updated their phones to version 11.1 of the iOS operating system.

In a tweet, Apple said people could "fix it by installing the latest software update". The update also addresses an issue with Siri.

The company has not explained what caused the problem.

The problem was highlighted last week when people trying to tweet messages such as "I got a new iPhone" found their posts were appearing as "A[?] got a new iPhone".

At the time, Apple outlined a temporary fix for the problem on its website.

NOV 10th 2017
The Register

ZX Spectrum Vega firm's lawyers targeted by empty-handed backers

Where's the money coming from to fund these sueballs, angry folk ask watchdog

Disgruntled customers of ZX Spectrum Vega+ firm Retro Computers Ltd have complained to the Solicitors’ Regulation Authority (SRA), alleging ringfenced company funds are being diverted into its legal battles.

The gist of the grievances is an allegation that some of the £513,000 given to RCL by 5,000 members of the public to put the ZX Spectrum Vega+ handheld console into production was instead spent on lawyers’ fees during a battles over control of the company that produced the devices.

Complainants claimed their cash was held in trust for the sole purpose of making their consoles and, under the terms of RCL's governing shareholders' agreement, should be spent on this alone.

NOV 10th 2017
SC Magazine

Eavesdropper flaw leaks millions of private conversations

Developers leave API credentials in applications built on Twilio telephony platform allowing phone call eavesdropping.

Security researchers found that developers building applications using the Twilio Rest API or SDK platform have carelessly hard-coded credentials into these applications resulting a large-scale data exposure.

Dubbed “Eavesdropper”, the flaw was discovered by security researchers at Appthority. It affects nearly 700 apps in enterprise mobile environments, more than 170 of which are live in the official app stores today. Affected Android apps alone have been downloaded up to 180 million times. Approximately 33 percent of the Eavesdropper apps found are business related. The exposure has been present since 2011.

Examples of apps with the Eavesdropper vulnerability include an app for secure communication for a US federal law enforcement agency, an app that enables enterprise sales teams to record audio and annotate discussions in real-time, and branded and white label navigation apps for customers such as AT&T and US Cellular.

NOV 5th 2017
BBC News

Social media giants have 'moral duty' to tackle child abuse

Tech companies need to do more to combat the "exponential" growth in child sexual exploitation online, Home Secretary Amber Rudd has said.

Ms Rudd said internet giants have a "moral duty" to act and need to work with smaller platforms used by child gamers where paedophiles operate.

She is to meet counterparts in the US government to discuss the issue.

The tech companies have said they are doing their utmost to keep their young users safe.

During Ms Rudd's trip she will attend a roundtable discussion joined by tech companies including Google, Facebook and Microsoft.

The home secretary will welcome work that has been done to tackle online child sexual abuse, but will also say that more needs to be done at a "far greater pace" across the technology industry.

Nov 4th 2017
The Register

OpenSSL patches, Apple bug fixes, Hilton's $700k hack bill, Kim Dotcom raid settlement, Signal desktop app, and more

And Microsoft dude installs Chrome during Azure talk

Happy weekend, everyone, except those of you on call, of course. Let us catch you up on all the IT security bits and pieces besides what's been reported this week.

Down in New Zealand, Kim Dotcom, the bête noire of Hollywood, reached a settlement with the New Zealand authorities over a rather dramatic raid in 2012 on his home. Cops flew in with guns and dogs to arrest Dotcom and found him hiding in his panic room.

The terms of the settlement haven't been announced, but Dotcom's lawyers said the police have promised to review their tactics. Dotcom said he hopes to make his permanent home in New Zealand. Maybe Peter Thiel will be a neighbor?

Nov 3rd 2017
The Register

Equifax execs sold shares before mega-hack reveal. All above board - Equifax probe

Nothing to see here, move along. Go back to your homes

Senior Equifax executives sold their shares in the credit agency just before its stock price plunged when the world was told it had been thoroughly hacked.

The US biz has since probed the transactions, and you'll all be extremely pleased to learn of that investigation's conclusion: there was no wrongdoing, nothing untoward, and it was all completely above board.

Sometime mid-May, miscreants exploited a vulnerability in one of Equifax's websites - specifically, a bug in an installation of Apache Struts 2 for which a patch was available but was not deployed by Equifax IT staff - to infiltrate its internal systems. As a result, sensitive personal information on roughly 150 million people in the US, UK, Canada, and beyond was slurped from the agency's databases.

Nov 3rd 2017
SC Magazine

Bring technologists quickly into leadership positions says ex GCHQ head

News Feature: Interview with ex-GCHQ director Robert Hannigan CMG; tech leaders on the board; terrorists to achieve ability to wreak cyber-chaos in 5 years; DDoS as smokescreen/DDoS Awareness Day; active cyber-defence.

Ahead of last month's Neustar International DDoS Awareness Day, SC Media UK spoke with event panellist, Robert Hannigan CMG. Hannigan is a senior British civil servant who previously served as the director of the signals intelligence and cryptography agency the Government Communications Headquarters (GCHQ) from 2014 until he resigned earlier this year.

OCT 30th 2017
The Register

Mozilla devs discuss ditching Dutch CA, because cryptowars

We don' want no STEENKIN' proxies, as will be possible under new local laws

Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list.

The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries, and also grants broad-based interception powers to Dutch security services.

Mozilla maintainers worry that interception could be enabled by abusing SSL proxying, giving rise to the proposal that the national CA - the CA of the Staat de Nederlanden - be taken off Firefox's automatic trust list.

Chris Van Pelt, who reported the issue, writes: “This revision of the law will authorise intelligence and security to intercept and analyse cable-bound (Internet) traffic, and will include far-reaching authorisations, including covert technical attacks, to facilitate their access to encrypted traffic.

OCT 27th 2017
SC Magazine

Wannacry - North Korea blamed by UK; NHS didn't follow recommendations

National Audit Office (NAO) report says NHS trusts were left vulnerable to the unsophisticated Wannacry attack because NHS chiefs ignored cyber-security recommendations. UK Government holds North Korea responsible.

Today the National Audit Office (NAO) issued a report saying National Health trusts were left vulnerable to the unsophisticated Wannacry attack because NHS chiefs ignored cyber-security recommendations. Then Minister of State for Security Ben Wallace went on to say on BBC Radio 4' that the UK Government held North Korea responsible.

Commentators all agreed on the first assertion, but there was a divergence of opinion regarding attribution.

Back in May FireEye reported that it had found that the WannaCry malware shares unique code with WHITEOUT malware that it had previously attributed to suspected North Korean actors. While we FireEye had not verified other experts' observation of known DPRK tools being used to drop early versions of WannaCry, it says it not observed other groups use the code present in both WannaCry and WHITEOUT and it do not believe it is available in open source.

missed out on the news? check out the NEW ARCHIVE
  © Quadsys 2014  -  Site Map  |  Privacy Policy  |  Terms of Use  |  Cookies Information  
Cookies in Use