Articles about Data Security


Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies

Yahoo! is reminding folks that hackers broke into its systems, and learned how to forge its website's session cookies. That allowed the miscreants to log into user accounts without ever typing a password. In warnings emailed out this week, the troubled web biz said accounts were infiltrated in 2015 and 2016 using forged …
John Leyden, 16 Feb 2017

Cloud industry body sets up new data protection code

A number of cloud infrastructure providers operating in Europe have signed up to a new data protection code of conduct. The code, established by Cloud Infrastructure Services Providers in Europe (CISPE), places restrictions on the processing of personal data that cloud customers store with providers, defines responsibilities …
OUT-LAW.COM, 16 Feb 2017

The Register's guide to protecting your data when visiting the US

Getting into America can be tricky at the moment if you have the wrong skin color or the wrong surname. Even though President Donald Trump's crackdown on refugees and Muslim immigrants has been put on hold by the courts, US border officials have got the message: now's the time to make life difficult for some people entering …
Iain Thomson, 14 Feb 2017

Explain! yourself! US! senators! yell! at! Yahoo!

A couple of US senators have accused Yahoo! of not cooperating with their attempts to investigate its now-notorious database security breaches. Republicans John Thune (chair of the US Senate's Committee on Commerce, Science and Transportation) and Jerry Moran (chair of its sub-committee for Consumer Protection, Product Safety …

Grumpy Trump trumped, now he's got the hump: Muslim ban beaten back by appeals court

President Trump has suffered a serious blow to his authority following a decision by a court of appeals against his controversial travel ban. Late Thursday, the Ninth Circuit in San Francisco denied an emergency motion to lift an injunction against the ban, which restricted people from seven Muslim-majority countries from …
Kieren McCarthy, 10 Feb 2017

Life after antivirus: Reinventing endpoint security

Promo Security professionals still talk about “antivirus defences,” but in the space of a handful of years what is meant by this term has undergone a dramatic shift. On the surface, things look much as they have always done. Businesses still run what used to be called “AV protection,” reinvented some time ago as the all-purpose “ …
John E Dunn, 09 Feb 2017

Want to come to the US? Be prepared to hand over your passwords if you're on Trump's hit list

The new boss of the US Department of Homeland Security plans to dig deeper into the lives of some of those wishing to enter the Land of the Free™ – even going as far as demanding web passwords and banking records. In a Q&A with the House Homeland Security Committee on Tuesday, John Kelly said the previous administration had …
Iain Thomson, 08 Feb 2017

Study shows 'BYOK' can unlock public cloud market for businesses

Businesses would be more likely to store data in a public cloud environment if they were allowed to "manage and control their own encryption keys", a new study has found. According to the 2017 Thales Data Threat Report, the "bring your own encryption key" (BYOK) concept has been identified as the most popular way to secure …
OUT-LAW.COM, 30 Jan 2017

Flexible working is good for you: Follow the leaders and banish the worries

Promo Although flexible working offers significant cost benefits for companies and enhances satisfaction for those employees who are allowed to work at the place and time of their choosing, a recent survey of 1,024 office workers across Australia found that despite the demand, flexible working is being held back by a culture of “ …
Nicole Segre, 29 Jan 2017

Yahoo! boo! hoo! hoo!: Verizon! hits! brakes! on! $4.8bn! biz! gobble!

Yahoo!'s sale to Verizon has been delayed, following revelations last year of historical data security breaches. News of the deferral of the $4.8bn Verizon deal came as Yahoo! released its Q4 earnings results on Monday. "Yahoo! had previously stated that it expected to close the transaction in Q1," it said. "However, given …
John Leyden, 24 Jan 2017

IBM stuffs visualization tech into its bulging, uh, security portfolio

IBM has announced a deal to buy data visualization firm Agile 3 Solutions, a San Francisco-based privately held company. The terms of the deal, announced Monday, were not disclosed. The tech allows "senior executives to better visualize, understand and manage risks associated with the protection of sensitive data." In …
John Leyden, 23 Jan 2017

Viral Chinese selfie app Meitu phones home with personal data

PIC The Meitu selfie horrorshow app going viral through Western audiences is a privacy nightmare, researchers say. The app harvests information about the devices on which it runs, includes invasive advertising tracking features and is just badly coded. But worst of all, the free app appears to be phoning home to share personal …
Darren Pauli, 20 Jan 2017

Did somebody say object storage? 9 ways to tell if there's a point

Comment Object storage is a relatively new market segment that has continued to grow steadily and is starting to find more reasons for adoption. For the uninitiated, object stores are used to hold large volumes of unstructured data, where each "object" is essentially a file with no specific format (also called a binary file). Object …
Chris Evans, 18 Jan 2017

DataGravity moves away from arrays to become a virtualised data guardian

Analysis Startup DataGravity laid off staff in February last year and subsequently pivoted away from building and selling its Discovery Series array line to building a shipping virtual appliance using its Discovery Series array software as a basis. DataGravity for Virtualisation (DGfV) runs as a virtual machine and operates in vSphere …
Chris Mellor, 16 Jan 2017

Uh-oh. LG to use AI to push home appliances to 'another dimension'

CES 2017 LG Electronics is unveiling a range of home appliances embedded with “deep learning technology” during this year’s Consumer Electronics Show. Riding on the coattails of tech giants like Google, Facebook and Amazon, the hype around deep learning - a branch of machine learning - shows no sign of fatigue as companies like LG are …
Katyanna Quach, 03 Jan 2017

Backup Exec console goes AWOL

Data security biz Veritas says that some users are unable to log on to its Backup Exec console after installing the November or December Windows 2016 updates. It has patch removal workarounds to fix this. The logon error message, shown below, reads: “BackupExec Management Service was unable to start. Connection open and login …
Chris Mellor, 20 Dec 2016

Privacy Commissioner, infosec boffins, call for reform of anti-hack Bill

Australian Privacy Commissioner Timothy Pilgrim, together with noted security and privacy professionals, has called for amendments to a Federal Government Bill that would criminalise the identification of Government-issued anonymous data sets, claiming it will impinge on legitimate research. Federal Attorney-General George …
Darren Pauli, 18 Dec 2016

Veritas lays off a third of its sales staff – merry Christmas, everyone!

Veritas has axed 30 percent of its sales staff in the US and Europe, The Register has learned. The data security biz was spun out of Symantec and entered private ownership just after the turn of the year. The company is based in Mountain View, California, and employs about 7,000 people. We asked Veritas about this festival …
Chris Mellor, 06 Dec 2016

Congrats America, you can now safely slag off who you like online

The US Congress has handed over the Consumer Review Freedom Act, which stops businesses from gagging online reviews of their products or services, to President Obama for his signature. With the growth of online review sites like Yelp and TripAdvisor, some businesses have started to require customers to sign contracts that ban …
Iain Thomson, 01 Dec 2016

The Internet Society is unhappy about security – pretty much all of it

The Internet Society (ISOC) is the latest organisation saying, in essence, “security is rubbish – fix it”. Years of big data breaches are having their impact, it seems: in its report released last week, it quotes a 54-country, 24,000-respondent survey reporting a long-term end user trend to become more fearful in using the …

Even big data devs make big data security gaffes

Apache Big Data Europe Big data application programmers routinely download and execute unverified code, opening the door to information-stealing hackers, a security researcher has claimed. Olaf Flebbe, chief software architect at European software integrator Science+Computing, is upset that software engineers have got into the habit of insecurely …
John Leyden, 21 Nov 2016

Customer data security is our highest priori- ha ha ha whatever, suckers

Something for the Weekend, Sir? I would like it to be known that mine is bigger than yours. And yours is bigger than everyone else's. Only losers waste their time with small. We do big. The IT industry is notably keen on letting us know that everything they do is big, especially when it comes to data security breaches. Cyber-attacks on individuals are never …
Alistair Dabbs, 18 Nov 2016

Former Autonomy CFO indicted in USA for misleading investors

Updated The long-running spat between HP and the company formerly known as Autonomy has taken another turn, with Autonomy's former chief financial officer Sushovan Hussain indicted in a San Francisco court last week. The move was immediately criticised by a collective of former Autonomy executives as the Department of Justice (DoJ) “ …

Recruitment giant PageGroup hacked, Capgemini dev server blamed for info leak

Exclusive Global recruitment giant PageGroup says a hacker infiltrated its network and accessed job applicants' personal information. The miscreant broke into a development system run by IT outsourcer Capgemini for PageGroup, and was able to look up job hunters' names, email addresses, hashed passwords and more. UK-headquartered …
Iain Thomson, 11 Nov 2016

Some! at! Yahoo! knew! about! mega-breach! as! early! as! 2014!

Yahoo! knew it had been compromised by state-sponsored hackers in 2014 despite not publicly disclosing this crucial information until 2016. The disclosure of some internal knowledge prior to public admission of a problem in September 2016 comes from a recent SEC filing, in paragraphs covering the investigation of the …
John Leyden, 10 Nov 2016

What went wrong at Tesco Bank?

Tesco Bank has enlisted the help of the National Cyber Security Centre (NCSC) following the most serious cyber-attack launched against a UK bank. The attack against the supermarket giant's banking arm involved the theft of £2.5m from 9,000 customers' accounts, funds that the bank quickly reimbursed. Initially theft against 20, …
John Leyden, 10 Nov 2016

Amazon pitches 'safe and responsible' AWS at suits

Sandwiched between its third-quarter results and re:Invent conference, Amazon's been pitching AWS as production-ready. Amazon wheeled out a host of corporate big names and government super-users to testify to AWS's suitability beyond pure dev and test at a London event on Tuesday. AWS chiefs sought to reassure the suits of …
Gavin Clarke, 08 Nov 2016

No nudes, bloated apps, Android sucks and 497 other complaints about Apple to the FTC

Exclusive Apple and its products prompted almost 500 complaints to the US Federal Trade Commission in the past 22 months – a number that suggests the iGiant has cut the rate at which consumers express dissatisfaction. That of course doesn't include social media ire about the new MacBook Pro. The Register sent a Freedom of Information …
Thomas Claburn, 28 Oct 2016

You've been hacked. What are you liable for?

Hacking is big news and we’re all susceptible. In the UK, hackers could face jail time under the Computer Misuse Act, but the question on many businesses’ minds will be where the liability lies if they are hacked. The list of successful mega breaches continues to grow; extra-marital affairs site Ashley Madison hit the …
Frank Jennings, 14 Oct 2016

That UK law that'll share Brits' private info among govt departments? Yeah, that'll need oversight

Plans to increase the UK government’s access to citizens' private records without the public’s consent should be subject to greater oversight, head of the Information Commissioner’s Office Elizabeth Denham has told MPs. In an evidence hearing with MPs on Thursday, she was addressing the proposals made in part five of the …
Kat Hall, 14 Oct 2016

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

Source code unleashed for junk-blasting Internet of Things botnet

Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend. The Mirai malware is a DDoS Trojan and targets Linux systems and, in particular, IoT devices. A botnet formed using the malware was used to blast junk traffic at the website of security researcher Brian Krebs last month in …
John Leyden, 03 Oct 2016

Senator! calls! for! SEC! probe! to! be! inserted! into! Yahoo!

A US Senator is calling on the Securities and Exchange Commission to join the queue to administer a kicking to Yahoo!. Yahoo! has admitted hackers accessed about 500 million of its email accounts. The announcement came last week, but the actual hack happened back in 2014. Democrat Senator Mark Warner, who sits on the Senate’ …
John Oates, 27 Sep 2016

NHS hospitals told to swallow stronger anti-ransomware medication

NHS Digital is set to start expanding the range of cybersecurity services available to UK hospitals and clinics. CareCERT (Care Computer Emergency Response Team) launched in November 2015, offering a national service that helps health and care organisations to improve their cybersecurity defences by providing proactive advice …
John Leyden, 09 Sep 2016

HPE crams unloved software down Brits' throats – then charges them $9bn to swallow it

Hewlett Packard Enterprise will eject its non-core software business in what it calls an $8.8bn "spin merge" deal with UK-based Micro Focus. HPE's big data, security, and IT management products – including some of its ex-Autonomy assets – will be spun out into a new company that will merge with Micro Focus. That's a software …
Shaun Nichols, 08 Sep 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 02 Sep 2016

Victoria Gov tips $6.5M into uni security seeder, city-country farm tech

The government of the southern Australian state of Victoria has tipped A$450,000 (£260,083, US$340,872) to spin up an information security incubator in Deakin University. The university and Dimension Data want the incubator to accelerate the development of technology and industry skills. It will be coupled with a security …
Darren Pauli, 30 Aug 2016

Privacy advocates rail against US Homeland Security's Twitter, Facebook snooping

A proposal to ask people to provide details of their social media accounts before entering the United States has been criticized as "highly invasive" by privacy advocates. A coalition of 28 groups, including the American Civil Liberties Union (ACLU), Center for Democracy & Technology (CDT), Consumer Federation of America, and …
Kieren McCarthy, 23 Aug 2016

Actifio adds replication tool to its data copy Swiss army knife

Actifio has added replication to its copy data management software, calling it StreamSnap. StreamSnap is provided as part of Actifio's Copy Data Virtualization platform, which takes a copy of master data and can then generate virtualized copies for test and dev, protection, etc, thus saving the storage space needed for …
Chris Mellor, 22 Aug 2016

Beauty site lets anyone read customers' personal information

Popular online cosmetics site Strawberrynet has asked customers if a function that allows anyone to retrieve its customers' names, billing addresses, and phone numbers with nothing more than an email address is a bug or a feature. The bug was first disclosed almost exactly a decade ago and resurfaced after security man Troy …
Darren Pauli, 22 Aug 2016

Some benefits of digital health to NHS may be delayed by consent model consultation – expert

Opinion The realisation of some digital health benefits within the NHS might have been delayed by the extra requirement for consultation on a new consent model governing the use of patient data. A new consent and opt-out model could help clarify constraints that apply to data use in the NHS and promote new digital health initiatives. …
OUT-LAW.COM, 08 Aug 2016

UK patients should have greater data slurp opt-out powers – report

Patients must be allowed to opt out of their personal data being used for purposes beyond their direct care, a long-awaited report addressing concerns raised by the Care.data debacle has recommended. The report: Review of Data Security, Consent and Opt-Outs by the National Data Guardian Fiona Caldicott and the Care Quality …
Kat Hall, 06 Jul 2016

UEFA's Euro 2016 app is airing football fans’ privates in public

The official UEFA Euro 2016 app is leaking football fans’ personal data, security researchers warn. The app is transmitting user credentials - including usernames, passwords, addresses and phone numbers - over an insecure internet connection, mobile security outfit Wandera discovered. The lack of encryption in the app, which …
John Leyden, 01 Jul 2016

Hopeless Vic agencies have two years to hit infosec best practice

Government agencies in the Australian state of Victoria will have two years to move from near ground zero to stand up fully-fledged and updated information security, risk, and governance policies. The requirements are a big ask for agencies in the southern state, previously described as in information security turmoil after …
Darren Pauli, 30 Jun 2016

Single silo in the cloud, looking to mingle: Axcient takes on Cohesity, Actifio

DR-as-a-Service supplier Axcient has extended its offering to provide a single silo in the cloud for five secondary storage workloads, taking on vendors such as Cohesity and Actifio. Axcient CEO Justin Moore said: “Axcient Fusion [replaces] all non-production IT infrastructure with one elastic, cloud-converged platform. ... we …
Chris Mellor, 28 Jun 2016

You know how that data breach happened? Three words: eBay, hard drives

Users are unwittingly selling sensitive and unencrypted data alongside their devices through the likes of eBay and Craigslist. Secure data erasure firm Blancco Technology Group (BTG) purchased 200 second-hand hard disk drives and solid state drives before conducting a forensic analysis to find out what data was recoverable. …
John Leyden, 28 Jun 2016

Visiting America? US border agents want your Twitter, Facebook URLs

The US Customs and Border Protection (CBP) agency wants to collect links to social network accounts of people visiting the Land of the Free™. Under new proposals, each traveler filling out an I-94 travel form or applying for an Electronic System for Travel Authorization (ESTA) visa will be asked for "information associated …
Iain Thomson, 27 Jun 2016

Russian government hackers spent a year in our servers, admits DNC

The US Democratic National Committee (DNC) has confirmed that hackers thought to be part of Russian state intelligence have had access to their servers for nearly a year. They have read emails, chat logs, and opposition research documents. The attack was uncovered six weeks ago, after IT admins noticed something strange was …
Iain Thomson, 14 Jun 2016

Payments security mob updates app guide

The payment application data security standard (PA-DSS) has been updated to help businesses better install, update, and patch their hardware. The guides are a global effort by Visa, Mastercard, and American Express to improve the shabby state of electronic payments around the world through the implementation of baseline …
Darren Pauli, 30 May 2016

One (storage) protocol to rule them all?

Storage Architect One of the questions posed to the “ask me anything” storage panel at this week’s TECHunplugged event was whether we will ever see a single storage protocol develop. This is an interesting idea and with the move to object storage, seems to have some merit. However, as always with technology, the answer “it depends” seems the …
Chris Evans, 17 May 2016