ICYMI: Safe Harbour, VMware vulnerability, Outlook backdoor, Snowden and DDoS attacks

In this week's In Case You Missed It (ICYMI): Safe Harbour 'invalid', VMware zero-day vulnerability, Outlook webmail backdoor, Snowden smartphone allegations and DDoS attacks on the rise.

ICYMI: Safe Harbour, VMware vulnerability, Outlook backdoor, Snowden and DDoS attacks
ICYMI: Safe Harbour, VMware vulnerability, Outlook backdoor, Snowden and DDoS attacks

Updated: Safe Harbour ruled invalid by European Court of Justice

In a decision with widespread implications for the international transfer and processing of data - and the companies that provide these services - the European Court of Justice has ruled the EU-US Safe Harbour pact invalid. Experts are warning of massive disruption to international business. [Read more]

Zero day vulnerability found in VMware product

A team of experts at IT security consultancy, 7 Elements has discovered a recent VMware vCentre vulnerability (CVE-2015-2342) that could result in unauthorised remote access. A flaw within the management interface resulted in system level access to the hosting server, which could have led to the full compromise of the enterprise environment. The vulnerability takes advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. [Read more]

Backdoor in MS Outlook webmail raises security doubts

Ex-Israeli army security experts have discovered a backdoor into Microsoft's Outlook webmail server that was being used in a targeted APT attack to infiltrate a company for several months and steal the names and passwords of 11,000 employees. [Read more]

The hack, spotted by US and Israel-based Cybereason, raises questions over the security of the Microsoft Outlook Web Access (OWA) server which Cybereason says “uniquely” connects supposedly protected internal systems to the internet and “almost by definition requires organisations to define a relatively lax set of restrictions”. [Read more]

Snowden smartphone allegations - security world unimpressed

Edward Snowden has reheated his now-cold allegation that GCHQ has the capability to hack smartphones and take control of them.

In last night's Panorama, the BBC's investigative show, Edward Snowden gave his first interview to the BBC and among others things, talked about GCHQ's Smurf ‘toolkit'.

According to the GCHQ documents which detailed the ‘smurf' toolkit, the measures work on both Android and iPhone. [Read more]

DDoS attacks continue to increase

Corero Network Security launched its detailed mid-year report on the current state of DDoS attacks based on its global customers' experience. Corero notes that attackers continue to leverage sub-saturating DDoS attacks with growing frequency. Attackers use shorter attack durations to evade defences and the report shows how DDoS scrubbing solutions can cause disruption in a network, often used to distract victims while other malware penetrates networks and steals customer information and company data. [Read more]