Articles about Data Security

Microsoft monopoly

Microsoft in SaaS-y cloud data security slurp

Microsoft has acquired cloud security outfit Adallom. Adallom was founded in 2012 and follows the “R&D in Israel, sales in Silicon Valley” template for a range of data security products for clouds. The company's wares bring data loss prevention and reporting to cloud storage services, offering users the chance to see just who' …
Simon Sharwood, 09 Sep 2015

Stop the war between privacy and security – EU data watchdog

Security and privacy are not mutually exclusive says Europe’s privacy watchdog – and people should stop saying they are. The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, told a Brussels conference he was concerned that “the objective of cyber-security may be misused to justify measures which weaken protection …
Jennifer Baker, 29 Apr 2015

Ex-Microsoftie in worthless Euro netizens data security promise

An ex-Microsoftie has launched a new cloudy startup that promises to keep the data of Europeans "safe" by storing it only within the EU. But that pledge is utterly worthless, given that – for example – NSA chums are still likely to come calling for access to that data from their security counterparts in the 28-member-state bloc …
Kelly Fiveash, 10 Jun 2015

Vic Govt security standards to launch next month

The data security boss for the Australian state of Victoria David Watts says more than 2,500 state government agencies will be required to comply with security benchmarks to be released next month. Watts says the Victorian Government Protective Data Security Framework (VPDSF) he and his team developed is slated for release on 1 …
Darren Pauli, 03 Jun 2015

Hortonworks bags US-gov inspired Big Data tech

Hortonworks is buying dataflow specialist Onyara, making the Hadoop-simplifying tech for use in the Internet of Things (IoT) its third corporate purchase. Financial terms of the deal were not revealed. The deal follows the Hadoop spinner’s purchase of SequenceIQ in April this year and XA Security in the Big Data security …
Gavin Clarke, 25 Aug 2015

Policing the data hinterlands beyond the corporate firewall

Comment For Code42, the answer to the universe and everything is getting more interesting as it moves from protecting business users’ PCs and notebooks to providing data access security and monitoring tools. The US backup company has undergone recent C-level management changes, including making Joe Payne its CEO in July, and its focus …
Chris Mellor, 23 Sep 2015
Takign medicine, image via Shutterstock

Webcast: How to prevent data loss and theft

Register now to watch our live Regcast, where help your business deal with Data Loss Prevention and Data Theft Prevention issues. Watch this video broadcast live at 11:00 GMT on November 12. Handy synopsis for you Data Loss Prevention (DLP) has been in the news for many years, but still organisations manage to ‘accidently’ …
David Gordon, 25 Sep 2015

ISC2 launches security cert training for cloud-defending cherubs

ISC2 has announced the dates of its training courses for its new cloud security certification, created alongside Cloud Security Alliance (CSA), beginning with exam availability in PearsonVUE testing centres from 21 July. The pitch for the ISC2- and CSA-developed Certified Cloud Security Professional (CCSP) certification …

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Has somebody shared your 'anonymised' health data? Bad news

Researchers from Harvard University have published a paper claiming a 100 per cent success rate in de-anonymising patients from their supposedly anonymised healthcare data in South Korea. The study, which bears the ronseal title of "De-anonymizing South Korean Resident Registration Numbers Shared in Prescription Data", was …

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015
Bradley University offer to hackers

Hacked uni's admins hand ID theft prevention reward to data burglars

An Illinois university's sysadmins have seemingly handed data burglars a year-long subscription to LifeLock, an identity alert and credit monitoring system, following a data breach at the US institution which left thousands vulnerable to identity theft. With the best of intentions, Bradley University reacted to being hacked by …

Wanna harvest a stranger's Facebook data? Get a mobile number and off you go

Hackers and other miscreants are able to access names, telephone numbers, images and location data in bulk from Facebook, using only a cellphone number. The loophole was revealed by software engineer Reza Moaiandin. Moaiandin, technical director at UK-based tech firm, exploited a little-known privacy setting in a …
John Leyden, 12 Aug 2015

US government green-lights data swapping for security firms

Security firms looking to share research data with their peers need not fear the US Federal Trade Commission or Department of Justice any more. The FTC and DOJ issued a joint policy statement on Thursday assuring the security community that they will not pursue antitrust cases against companies that share their security …
Shaun Nichols, 10 Apr 2014

EMC buys cloudy Canuck security company CloudLink

EMC has bought CloudLink – a 20-person Canadian firm specialising in cloud data security software – for an undisclosed price. The software is SecureVM, which provides end-to-end data encryption for hybrid clouds, covering both at-rest and in-flight data for virtualised servers. It’s been an EMC Select Partner since 2013 and …
Chris Mellor, 17 Apr 2015
Files on shelves

Connected Data gets serious about the business of file sharing

It’s now available in Europe – yep, Connected Data has upped its peer-to-peer, file sync ’n share game with Transporter for Business, a way of sharing files that has no public cloud security risk at all. The Transporter is a cone-shaped device providing private cloud, peer-to-peer file sharing for consumers. There are some 12, …
Chris Mellor, 04 Mar 2015
Amazon data center

Amazon's clouds are da bomb, say EU data protection watchdogs

Amazon’s cloud services have been declared safe by Europe’s privacy rights watchdogs. The Article 29 Working Party (a group made up of all Europe’s national data protection authorities), led by the Luxembourgish CNPD, has found that Amazon Web Services’ standard contractual clauses meet all the requirements of EU data protection …
Jennifer Baker, 01 Apr 2015

France wants to make les citoyens' health data available to world+dog

Plans to centralise the storage of health data in France are being considered by the French parliament. Draft legislation, which would see a new single national health database created, was backed by the National Assembly earlier this month and is now being considered by the Senate. Under the proposals, five sets of data would …
OUT-LAW.COM, 30 Apr 2015
Cisco 7609 router interface cabling

Troubleshooting feature on Cisco routers is open to data-slurp abuse

Infiltrate A default feature of Cisco routers can readily be abused to collect data, security researchers warn. Embedded Packet Capture (EPC) was designed by Cisco as a troubleshooting and tracing tool. The feature allows network administrators to capture data packets flowing through a Cisco router. Brazilian security researchers Joaquim …
John Leyden, 15 Apr 2015

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

The boss of the US government's thoroughly ransacked Office of Personnel Management has – rightly – come in for a rough ride from members of the House Committee on Oversight and Government Reform. Politicians on both sides of the trenches tore strips off the lamentable state of security in the agency, which was raided by …
Iain Thomson, 16 Jun 2015
Smart home

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015
Winnie-the-Pooh honey

Business expects data retention will hit their bottom lines: survey

Risk management outfit Protiviti says Australian businesses are fearful that the government's proposed metadata retention scheme is going to cost them. The government is in the throes of considering a two-year retention regime for Australian telecommunications carriers and ISPs. While the Parliamentary Joint Committee on …

GCHQ grants security clearance to Samsung's Knox mobe security

The official containerisation solution for security on Samsung phones and tablets has passed muster with GCHQ. It’s now deemed safe enough for UK government employees to get a Galaxy Note 3, Galaxy S3 S4 or Galaxy S5 all of which run the Korean firm's KNOX software. This is only to the OFFICIAL (PDF) level of security. This is …
Simon Rockman, 16 May 2014

Premera healthcare: US govt security audit gave hacked biz thumbs up

Serious doubt has been cast on the US government's data security regulations after Premera Blue Cross was declared secure by Uncle Sam – just months before the healthcare giant was ransacked for financial and medical information by hackers. The biz underwent a computer security audit by a federal watchdog in January 2014, was …
Iain Thomson, 23 Mar 2015

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013
car hacking

Hacker hijack 'threat': Your car's security is Adobe Flash-grade BAD

Democratic Senator Ed Markey (D-MA) has published a report after questioning 20 automakers about the security of their cars' internal networks – and how much personal data they store. The results aren't great. In short, as we've long suspected, the computers in today's cars can be hijacked wirelessly by feeding specially crafted …
Iain Thomson, 09 Feb 2015
Our Playmobil figure innocently tweeting away at his computer

My employer, comply with data protection law? Don't think so – say 3 in 4 office drones

Less than a quarter of staff at businesses in the UK, France and Germany think their organisation fully complies with data protection laws, according to a new study. Cyber security company Sophos commissioned a survey of 1,500 office workers in the three countries and found that 77 per cent of respondents were not confident that …
OUT-LAW.COM, 03 Oct 2014

Macquarie academics send Gmail a ‘Dear John’ letter

Macquarie University says it will drop Gmail after The Chocolate Factory decided to move its data storage from Europe to the United States. A notice warning staff of the change, from the university’s chief information officer Dr Mary Davies, says the move was prompted by data security fears. In its place the university will …
Bill Bennett, 29 Sep 2015
The Register breaking news

RSA adds Big Data analytics to security service suite

In just under a month, security folks are coming to San Francisco for the annual RSA show, and if Wednesday's announcement from the company is to go by, one of the major themes at conference will be Big Data. At a press conference at its Massachusetts headquarters, RSA unveiled its Security Analytics appliance that's designed to …
Iain Thomson, 31 Jan 2013

Redmond may buy security company it says is wrong about AD flaw

Microsoft is reportedly in talks to buy Israeli security firm Aorato for $200 million after this week pouring cold water on its claim to have discovered a critical flaw in Active Directory. Aorato was founded by former Israeli Defense Force hackers and offers products that detects attacks on against Active Directory. As …
Darren Pauli, 16 Jul 2014
management governance3

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

Red Hat unleashes EL 7.2 beta on a waiting world

Red Hat has offered up a beta of Enterprise Linux 7.2, touting security, storage management, and expanded container capabilities. The container support the outfit highlights includes enhancements to its OverlayFS and user namespaces. The company says its aiming to support both the migration of existing apps to containers, and …

IBM claims first with Hadoop data security suite

IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and …
Iain Thomson, 18 Oct 2012
Tubbs from the League of Gentlemen. Illustration by Doeth Gwraig

Warning to those who covet the data of Internet of Precious Things

Data generated by devices in the "internet of things" age should be "regarded and treated as personal data", data protection authorities from across the globe have agreed. The watchdogs said it is "more likely than not" that such data can be attributed to individuals. "Internet of things’ sensor data is high in quantity, …
OUT-LAW.COM, 22 Oct 2014
The fashion world’s most privileged urchin lounges in a luxury hotel in Paris, 1993. © Geoff Wilkinson/RexUSA

Hilton hotels in credit-card-stealing malware infection scare

Someone has hacked the Hilton's sales registers, and made off with guests' credit-card details, it's claimed. The hotel chain confirmed today it is investigating the alleged breach of its computer security. Investigative journo Brian Krebs says malware in point-of-sale (POS) terminals is believed to have nicked the card …
Shaun Nichols, 25 Sep 2015

Mandatory data breach laws back on Australian agenda

Australia's on-again, off-again debate about data breach notification laws is on again, courtesy of a report into financial system regulation, at least until the government cans the idea (again). Register readers will recall that a Privacy Alerts bill was proposed by the previous government before the 2013 election, then delayed …
Old Bailey Lady Justice

Microsoft vs, Internet of Stuff, Big Data: Some of 2015's legal cloudy issues

Cloud, Big Data, the Internet of Things are among the hottest topics that vendors are driving in 2015, but there are five legal developments in each that are worth tracking. 1. Microsoft and US government go to court Again, Microsoft is resisting attempts by the US government to get access to the user data it is holding outside …
Frank Jennings, 15 Jan 2015
Gravity image

DataGravity puts a little weight behind protecting your information

Paula Long-led startup DataGravity has updated its Discovery array with a second generation Discovery Series V2 software. DataGravity said its arrays integrate the separate functions of data security, search and discovery, and protection into one platform and provide visibility into data as it's created. The added software …
Chris Mellor, 14 Aug 2015
The Register breaking news

Retailer challenges Visa penalty fees in data security dust-up

In a payment industry first, a sporting-goods retailer has filed a multimillion-dollar lawsuit against Visa, arguing that the penalties the credit card company charges its members for data security breaches are unfair. As reported by Wired, retailer Genesco alleges that Visa seized some $13m in funds from its merchant bank …
Neil McAllister, 12 Mar 2013

It’s 2015 and we're being told not to send credit cards as cleartext

The payments card industry (PCI) council has reviewed its guidance to encourage businesses to stop slinging credit card data in cleartext by giving the tick to encryption solutions built from different components, rather than products that handle every step of data's journey from merchant to banker. The change is reflected in …
Darren Pauli, 03 Jul 2015

Security products: Best of breed or create your own monster?

IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality. The question is, what's the best …
Danny Bradbury, 07 Nov 2014
The Register breaking news

Got a data security policy? Chances are your IT bods don't know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers' current data security policies, according to a …
OUT-LAW.COM, 27 Sep 2012
storage arrays superimposed on cloudy sky

What you need to know about keeping your cloud data safe

The first reaction many corporate users – even those who are quite technically aware – have when considering a migration to cloud computing is to worry about data security. It is a fairly natural emotional response of course; you are effectively surrendering a kind of ownership of your data over to a third party. So what if a …
The Bundestag in Berlin. Pic: Hernán Piñera

Banking trojan besieges Bundestag … for the second time

Online banking trojan Swatbanker has been brought into play in a second round of attacks against the German Bundestag, reports security software firm G DATA. Investigation of the configuration files embedded in the malware have revealed that the Swatbanker botnet integrated new filter functions for the domain "Bundestag.btg" – …
John Leyden, 17 Jun 2015
Data breach image

Look out: That data protection watchdog can bite

Despite all the furores, calamities and Snowden-related shenanigans of recent years, the UK’s privacy watchdog remains something of a pussycat, and a lean one at that. Granted powers in April 2010 to fine firms £500,000 for breaches of the various laws it covers, the Information Commissioner’s Office (ICO) has flexed its mini- …
Tom Brewster, 26 Nov 2014

iOS storing enterprise credentials in directory anyone can read

Security bod Kevin Watkins says Apple is storing enterprise credentials in a readable-by-anybody directory that is ripe for data theft. The sandbox vulnerability (CVE-2015-3269) affects all apps that use the managed app configuration setting in devices that have not applied the most recent iOS 8.4.1 update. Watkins says …
Darren Pauli, 21 Aug 2015
Double Facepalm; when one facepalm is not enough.

Don't bother telling people if you lose their data, say Euro bods

Analysis Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU's Council of Ministers backed the plans as part of a wider partial agreement reached last week on reforms to EU data …
OUT-LAW.COM, 15 Oct 2014

Apple splashes dough to keep Big Cheese safe

Apple spends $699,133 every year to keep chief exec Tim Cook safe, far, far higher than his modest life insurance premium of $2,500, according to an official document. The big figure isn't broken down and comes from a proxy statement filed with the Securities and Exchange Commission. This amount represents: (i) the Company’s …
John Leyden, 10 Aug 2015
Cloud security

Make sure big data doesn't land you in big trouble

Size isn't everything. Big data may be about storing terabytes or petabytes of information but it is also about complexity, and complexity often brings security challenges. Are you ready to handle them? Right now, someone in a marketing or finance role somewhere in your organisation is probably putting together a big data …
Danny Bradbury, 14 Nov 2014