Articles about Endpoint

UK's mass-surveillance draft law grants spies incredible powers for no real reason – review

IPBill An independent review into bulk surveillance powers in the forthcoming Investigatory Powers Bill has warned that there is no proven case to let British snoops hack the planet. The study group examined the UK government’s Operational Case for Bulk Powers [PDF], which provided the government’s reasons for needing the most …
Laptop leaning against a stack of news papers in front of a world map illustration

Unis don't pay ransom

Bournemouth University in the UK was hit by 21 ransomware attacks in the past 12 months, according to records unearthed by a Freedom of Information request. The request was made by endpoint security firm SentinelOne, which also revealed to The Register that 60 per cent of 71 universities it questioned had been hit by …
John Leyden, 19 Aug 2016
Amazon Web Services

IPv6 comes to AWS S3

Amazon Web Services' simple storage service (S3) can how handle IPv6. Amazon's Jeff Barr says S3 buckets “are now accessible via IPv6 addresses via new 'dual-stack' endpoints.” “When a DNS lookup is performed on an endpoint of this type, it returns an 'A' record with an IPv4 address and an 'AAAA' record with an IPv6 address. …
Simon Sharwood, 12 Aug 2016
spy_eye_648

IT security splurge surge

Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 per cent over 2015, according to research and advisory firm Gartner. Consulting and IT outsourcing are the largest categories of spending on information security, but this is poised to change. In the run-up to …
John Leyden, 09 Aug 2016

Kaspersky upends sofa, finds US$50k for bug bounties

Kaspersky Lab has bowed to the probably inevitable and kicked off a bug bounty programme. The company – whose products have, like everyone in the anti-virus space, been targeted by everyone from Project Zero's Tavis Ormandy down to mum's-basement script kiddies – is hosting bounty at HackerOne. The bounty starts with its …

SentinelOne's $1m ransomware guarantee dismissed as PR stunt

A “ransomware guarantee” from security outfit SentinelOne has been dismissed by critics as a marketing stunt. Ransomware is currently the biggest scourge of internet security, affecting corporates and consumers alike. So self-styled next generation endpoint security firm SentinelOne unsurprisingly created waves with a pledge …
John Leyden, 29 Jul 2016

Hybrid Cloud: The new IT service platform?

So. Hybrid cloud. Let's start with a quick definition, courtesy in this case of TechTarget which describes it as: “a cloud computing environment which uses a mixture of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms”. I like this particular definition as it sums it …
Dave Cartwright, 28 Jul 2016
Man relaxes, stretches out, outs his feet up on a cloud.... Fun but hammy stock pic. Photo by Shutterstock

Getting comfortable with cloud-based security: Whom to trust to do what

There are some bits of computing that you just don’t want to trust other people with. They’re just too sensitive. But at the same time, there are some things that people can do as well or better than you, for a lower cost. Finding a balance between the two can be tricky, but useful. Take cybersecurity as an example. It’s …
Danny Bradbury, 27 Jul 2016
Acronis_Red_Bull_950

Acronis 12 is fastest backup product out there

French data protection supplier Acronis is making a big move into enterprise data protection with a comprehensive new software release, Acronis 12, a beefed-up marketing team, and a profile-raising one race-only sponsorship deal with the Toro Rosso Formula 1 Grands Prix team. The new SW "takes 35.6 minutes to backup a 180GB …
Chris Mellor, 20 Jul 2016
Welders wearing protective clothing fixing welding and grinding industrial construction oil and gas or water and sewerage plumbing pipeline outside on site. Photo by Andrea Slatter/Shutterstock

Electric Cloud offers cautious corporates Canary choice

Electric Cloud has promised a raft of new deployment options in the latest release of its application deployment platform as it looks to bring the joy of DevOps to even the most crusty and sprawling customers. The San Jose-based firm is one of the most vocal standard bearers for DevOps and Continuous Delivery, and having …
Joe Fay, 20 Jul 2016

Carbon Black snaps up cloud-dwelling threat-sniffing 'next-gen AV'

Endpoint security firm Carbon Black has bought "next-generation antivirus" firm Confer. Financial terms of the deal, announced today, were undisclosed. Carbon Black plans to re-badge Confer’s security software as “Cb Defense” and offer it alongside its existing roster of application control, incident response, and threat …
John Leyden, 19 Jul 2016
Do the right thing on the internet of things

If managing PCs is still hard, good luck patching 100,000 internet things

Internet of Things (IoT) hype focuses on the riches that will rain from the sky once humanity connects the planet, but mostly ignores what it will take to build and operate fleets of things. And the operational side of things could be hell. “IT can barely keep their desktops patched,” Splunk chief technology officer Snehal …
Simon Sharwood, 19 Jul 2016

SCADA malware caught infecting European energy company

Security researchers have identified a strain of malware that has already infected at least one European energy company. The malware, dubbed SFG, is related to an earlier sample called Furtim, that created a backdoor on targeted industrial control systems. This backdoor might be used to deliver a payload which could be used to …
John Leyden, 12 Jul 2016

EU cybersecurity directive will reach Britain, come what May

The passage of the EU Directive on the Security of Network and Information Systems (NIS) will have a profound effect on corporate security across Europe and even in Britain, despite the Brexit vote. The NIS Directive applies to organisations that provide elements of a country’s critical national infrastructure – i.e. operators …
John Leyden, 11 Jul 2016
danger

Attention, small biz using Symantec AV: Smash up your PCs, it's the safest thing to do

If you're using Symantec's Endpoint Protection Small Business Edition (SEP SBE) then you can forget about security for a week or so, as the company won't be patching the "as bad as it gets" security holes in its software for a while. A Register reader who wishes to remain anonymous received an email from Symantec confirming …
Iain Thomson, 06 Jul 2016
Image: Serazetdinov http://www.shutterstock.com/fr/pic-114819721/stock-vector-illustration-of-a-strong-blast-of-brain.html

Zero-interaction remote wormable hijack hole blasts Symantec kit

Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'. The flaws are "100 percent" reliable against Symantec's Norton Antivirus and Endpoint according to …
Darren Pauli, 29 Jun 2016

US hospitals hacked with ancient exploits

Attackers have popped three prominent US hospitals, using deliberately ancient malware so old that it slips under the radar of modern security controls to compromise Windows XP boxes and gain network beacheads. The attacks were foiled using deceptive honeypot-style frameworks, according to California-based TrapX. Hospitals …
Darren Pauli, 28 Jun 2016
sale

Confirmed: Dell software sell-off

Dell has confirmed rumors that it is selling off its software division to private equity firms Francisco Partners and Elliott Management. "Francisco Partners and Elliott Management's deep passion for technology and proven track records in nurturing and building software businesses will enable Dell Software's loyal base of …
Iain Thomson, 20 Jun 2016
Bearded man sitting at desk reading from his tablet by hi laptop

S3 cloudo-filer created

WDC and CTERA have developed a joint product that combines HGST's Active Archive System (S3-compliant, scale-out object storage) with CTERA’s Enterprise File Services Platform. Enterprises and CSPs can launch enterprise file services. The two say customers can have enterprise-grade file sharing, data protection, and branch …
Chris Mellor, 20 Jun 2016

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Analysis Symantec’s deal to to buy Blue Coat, the controversial web filtering firm, for $4.65bn will bolster its enterprise security business. But some security experts are concerned about the potential for conflict of interest created by housing Symantec’s digital certificate business and Blue Coat’s man-in-the-middle SSL inspection …
John Leyden, 14 Jun 2016
Suspicous process detected: Microsoft's Scott Guthrie shows off the Azure Security Center

Microsoft's Scott Guthrie wrote code live on stage for Azure devs

Microsoft’s Executive Vice President of Cloud and Enterprise, Scott Guthrie, came to London’s Mermaid Theatre on 3rd June 2016 to present to around 600 IT folk at the Azure Users Group, at an event called AzureCraft. It is unusual for someone on this page to come to this type of event, and even to engage in the precarious …
Tim Anderson, 06 Jun 2016

It's been a breach-tastic year. And Sophos sales were good, apparently

Operating losses at security software firm Sophos have grown in its first year as a listed company – despite increased sales and an encouraging outlook overall. For the year-ending 31 March 2016, Sophos recorded an operating loss of $32.7 million on revenues of $478.2m. This compares to a loss of $0.5m on revenues of $446.7m …
John Leyden, 26 May 2016
stack of newspapers with a pair of ethernet cables next to them

CentOS Linux 6.8 lands

The CentOS Linux project has unleashed version 6.8 on the world. In line with the Red Hat code-base it's cut from, CentOS 6.8 gets 300 TB XFS filesystem support, and uses the Linux 2.6.32 kernel. There's a slew of security changes in the release: libreswan instead of openswan for VPN endpoint functionality; TLSv1.2 support in …
All IDEs based on JetBrains' IntelliJ IDEA are affected

Patch now: Google and JetBrains warn developers of buggy IDE

Google has emailed Android developers advising them to update Android Studio, the official Android IDE, to fix security bugs. Other versions of the JetBrains IntelliJ IDE, on which Android Studio is based, are also affected. The bugs are related to the built-in web server in the IDE. A cross-site request forgery (CSRF) flaw …
Tim Anderson, 18 May 2016
Bank vault

Yet another SE Asia bank hit by a SWIFT credentials hack

Cybercrooks have once again broken into the SWIFT financial transaction network and stolen money from another bank. The breach – victim and amount looted undisclosed – comes as the fallout from February’s $81m Bangladesh reserve bank cyber-heist continues to spread. The second robbery was uncovered by investigators looking …
John Leyden, 13 May 2016
The Microsoft Graph API is a single endpoint for all things Office

Is Microsoft's Office dev platform ready to go mainstream?

"For the first time we are opening up Office 365 not just as an end-user and an enterprise tool and a service, but as a developer platform," said Microsoft CEO Satya Nadella during the earnings call following the company's latest financial results. Despite Nadella's comment the ability to develop for Office 365 is not new, …
Tim Anderson, 22 Apr 2016
open_door_648

Druva fills luggage with cash, heads to Japan

Startup Druva has taken in fresh funding to pay for expansion into Japan. The company's InSync products protect corporate end-points – notebooks and the like – and it has lately expanded to protect cloud apps. It has set up a subsidiary in Japan, building on existing reseller and MSP deals, and opened an office in Tokyo. NTT …
Chris Mellor, 21 Apr 2016

Cutting edge security: Expensive kit won't save you

We all want to protect our customer and employee data, but as the threat landscape changes and the publicly disclosed data breaches get increasingly larger, our approach may need to change. What constitutes "state of the art" information security in 2016? It’s tempting to create a listicle of 10 shiny new security tools that …
Danny Bradbury, 13 Apr 2016
Man gesticulates furiously in front of parked car. Photo by Shutterstock

Neighbour sick of you parking in his driveway? You'd better hack-proof your car

Car security startup Karamba Security has emerged from stealth with $2.5m in funding and a plan to revamp in-car security. Karamba has developed a technology that hardens the externally-facing electronic control unit (ECU) of cars in order to defend against hack attacks. The software is designed to protect a car's externally …
John Leyden, 07 Apr 2016

Spies rejoice! Gmail, Facebook Messenger BREACHed once again

Black Hat Asia Research pair Dimitris Karakostas and Dionysis Zindros have upgraded their attack (codenamed BREACH) that pierces the web's most common ciphers, and released a framework to help well-heeled hackers and state-sponsored spies spy on the likes of Facebook and Gmail. At Black Hat Asia, the pair demonstrated once again how secure …
Darren Pauli, 04 Apr 2016
Poster for the movie Cable Guy. Copyright:  Columbia Pictures Corporation,

Call the Cable Guy: Wireless just won't cut it

Wireless networking is regarded by many as the way to go for corporate networking. No need for expensive structured cabling, no need to re-patch stuff when someone moves desk, and sufficiently secure to make it suitable for corporate use. I am inclined to agree with that last point: rank up the encryption to WPA2-AES and use …
Dave Cartwright, 01 Apr 2016
Great Hall of the People, seat of Communist party government in Beijing, China. Photo by Shutterstock

Former FBI spy hunter: Don’t trust China on ‘no hack’ pact

A former FBI investigator who helped expose Soviet double agent Robert Hanssen1 warns that enterprises should give up worrying about hackers, “who are now the good guys”, and be more worried about spies. Veteran spy hunter turned infosec exec Eric O'Neill said that espionage has evolved and become increasingly digital as …
John Leyden, 30 Mar 2016
Water Treatment Centre pipe sluices off water. Photo by Joe Jungmann, released into the public domain

Water treatment plant hacked, chemical mix changed for tap supplies

Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, we're told. The cyber-attack is documented in this month’s IT security breach report (available here, registration required) from Verizon Security Solutions. The utility in question is referred to using a …
John Leyden, 24 Mar 2016
Asleep on the sofa image via Shutterstock

Symantec warns of serious security holes – in Symantec security kit

Symantec is advising users of its Endpoint Protection (SEP) software to update their systems, after three vulnerabilities were reported in the computer defense tools. Two of the bugs – a cross-site scripting (XSS) flaw, and a SQL injection vulnerability – are in the SEP Management Console, a web-based portal you can log into …
Shaun Nichols, 18 Mar 2016
Bruce Schneier

Confirmed: IBM slurps up Bruce Schneier with Resilient purchase

RSA 2016 After nearly a week of rumors IBM has confirmed it has bought incident response firm Resilient Systems and so gained the services of its CTO security guru Bruce Schneier. "We are excited to be joining IBM Security, the industry's fastest-growing enterprise security company," said John Bruce, Resilient Systems' CEO. "By …
Iain Thomson, 29 Feb 2016
Michael Dell, photo: Dell

Dell stares EMC in the eye, doesn't blink, turns up data protection dial

Dell has added new deduping appliances and updated its Rapid Recovery (AppAssure) and NetVault (Quest) backup software, showing no signs of portfolio retrenchment in the face of the oncoming EMC merger. In a multi-product release Dell announced: Rapid Recovery (rebranded AppAssure) ZeroImpact recovery of systems, …
Chris Mellor, 25 Feb 2016

Let's talk over Wi-Fi, says Oracle to folks who don't know Skype exists

MWC16 Oracle's parked its yacht near Barcelona and fired off the usual broadsides of product announcements that accompanies a major conference like Mobile World Congress. Mobile operators in need of a Wi-Fi gateway can throw their hats into the air with the launch of the Oracle Communications Mobile Security Gateway. The gateway's …
HPE_machine_graphic

HPE is going to unleash a Machine on us. Here's how it might play out

Comment At the far end of HPE's storage and compute strategy is the Machine, the dynamically composable infrastructure thing with separately scalable compute, memory/storage and networking resources. It has a huge flat and persistent memory space using storage-class memory (SCM). It was supposed to use memristors, but since that …
Chris Mellor, 12 Feb 2016

GSMA outlines thoroughly sensible IoT security rules

About time: the GSM Association has released a bunch of guidelines to try and address the chronic insecurity of the Internet of Things. The significance of the initiative is that it's been agreed to by a collective of major carriers – the organisation's announcement lists AT&T, China Telecom, Etisalat, KDDI, NTT DOCOMO, Orange …
happy_woman_at_desk

VMware finally gets all its end-user computing ideas together as one

VMware has taken the wraps off what looks like the culmination of several years building an end-user computing business. Workspace ONE is the name of the new product, an odd choice given that arch-rival Citrix offers Workspace Suite and Workspace Cloud. The similarity doesn't end there. Both companies now offer different …
Simon Sharwood, 09 Feb 2016

Word up: BlackEnergy SCADA hackers change tactics

A new BlackEnergy spear-phishing campaign is targeting more Ukrainian firms, including a television channel. A spear-phishing document found by Kaspersky Lab analysts mentions the far-right Ukrainian nationalist political party "Right Sector" and appears to have been used in an attack against a popular television channel in …
John Leyden, 28 Jan 2016

Walmart takes its DevOps platform and piles it high on GitHub

Walmart has delivered on low-price promise and taken a swipe at soon to be arch enemy – by serving its OneOps platform onto Github. The massive grocer – which owns Asda in the UK – promised last year that it would open source the platform, which it is pitching as a way to avoid cloud vendor lock in. It duly announced yesterday …
Joe Fay, 27 Jan 2016
Are you being served?

Serving up IT on a silver platter, also known as ITSM

In the 1950s, we imagined a world where everything was automated. Robots would clean for us, and small boxes would instantly produce hot food. Now, we have the Roomba and the microwave, and shortly, cars that drive themselves. Even Zuck is preparing his electronic butler. To top it all, there’s not a dodgy-looking Jetsons …
Danny Bradbury, 15 Jan 2016

Citrix buys System Center control freak, sells CloudPlatform

Citrix has offloaded its CloudPlatform products to Accelerite, bought Comtrade's System Center Operations Manager management packs and tweaked some of its software. The sale first: Accelerite is a subsidiary of India's Persistent Systems, a software-developer-for-hire that created Accelerite to sell products instead of …
Simon Sharwood, 12 Jan 2016
Joanna Rutkowska of Invisible Things Labs gives talk "Towards (reasonably) trustworthy x86 laptops" at ccc - still from youtube

Trustworthy x86 laptops? There is a way, says system-level security ace

32c3 Security concerns around Intel's x86 processors – such as the company's decision to force the secretive Management Engine microcontroller onto its silicon – have raised fundamental questions about trust in personal computers, whatever architectures they may be based upon. Youtube Video The founder of Invisible Things Labs, …
Example of tidy cabling

Cisco, HPE and Dell: Let's just say 'it's complicated' for now

Sysadmin's 2015 review part 2 With 2015 drawing to a close and 2016 about to begin it's time to reflect on the fact that the world never stops changing. The tech industry certainly changes constantly, and so here's one sysadmin's view of the industry's movers and shakers. In part one, I took a look at Amazon, Oracle and Microsoft. Here in part two I am …
Trevor Pott, 26 Dec 2015
management management

Bookstore sells some data centre capacity, becomes Microsoft, Oracle's nemesis

Sysadmin's 2015 review part 1 With 2015 drawing to a close and 2016 about to begin, it is time to reflect on the fact that the world never stops changing. The tech industry certainly changes, and so here's one sysadmin's view of the industry's movers and shakers. In part one we're going to look at Amazon, Oracle and Microsoft. As I see it, the strategy of …
Trevor Pott, 24 Dec 2015

Sophos grabs ATP-thwarter tech firm SurfRight for $32m

Sophos has paid $31.8m in cash to snap up advanced threat prevention firm SurfRight, with the deal allowing traditionally conservative Sophos to integrate SurfRight’s signature-less endpoint threat detection and response tech into its line of endpoint security products and services. The UK-based company claims the two sets of …
John Leyden, 15 Dec 2015
Panic button

Cisco bitten by Java deserialisation bug, working on patch

November's high-profile Java deserialisation bug has bitten Cisco, with the company announcing vulnerabilities across the board in its huge product line. The problem is so pervasive that it reaches into the most trivial activities of the sysadmin, such as serial number assessment services. The original advisory made by …

Bare metal is not dead, so Borg goes for SDN assimilation

Cisco is continuing to walk the fine line between embracing software defined networking (SDN) and opening things all the way up, announcing the latest refresh of its Application Centric Infrastructure (ACI) environment. The biggest surprise of the latest announcement isn't the various support partnerships The Borg has added, …