Articles about Endpoint

Big Blue patches big blooper in Endpoint Manager for mobes

Big Blue has patched a serious hole in its Endpoint Manager for Mobile Devices that allows attackers to gain remote access and compromise connected mobes. Endpoint Manager appears to have been written with Ruby, and the (flaw) means "attackers can create valid session cookies containing marshalled objects of their choosing," …
Darren Pauli, 04 Dec 2014

Zero-day hits Symantec endpoint products

Get patching, sysadmins, there's a zero-day in Symantec Endpoint Protection (SEP). This US-CERT advisory is alerting anyone who ignored Symantec's note about the issue. CVE-2014-3434 is a local access vulnerability with a public exploit. A client buffer overflow can cause a blue-screen-of-death on the client, which could also …

Veeam varies virty voyage with free endpoint backup tool

Veeam has set a new price for endpoint backup software: $0. That's £0, ¥0 and €0 for readers beyond the USA. That low, low, price applies to a new product called Veeam Endpoint Backup FREE that pretty much does what it says on the can: install the code on a Windows machine and you can instruct it to back up “files, volumes or …
Simon Sharwood, 10 Oct 2014

Review: McAfee Endpoint Protection for SMB

Anti-virus – sorry, endpoint security - programs suck. I loathe them and they have been the bane of my professional existence for the better part of 20 years. Despite the crushing, crushing sadness that they cause, the call came down to review Intel Security’s latest endpoint security product, McAfee Endpoint Protection Advanced …
Trevor Pott, 23 Mar 2015

Flaws found in Bitdefender enterprise endpoint manager

Holes have been reported in Bitdefender's Gravity end-point protection platform that allow hackers to target corporate infrastructure. Researcher Stefan Viehbock of SEC Consult Vulnerability Lab said the flaw affecting the latest version provided an entry point for attackers to move laterally through the network. "Attackers are …
Darren Pauli, 17 Jul 2014

Promisec Endpoint Manager: So we gotta cope with BYOD... Help!

Review: The explosion of internet-connected gadgets, sensors and other devices that underpins the "internet of things" concept makes my head hurt. When combined with the completely new security model presented by IPv6, BYOD and cloud computing, automation of endpoint management is rapidly becoming non-optional. I've started taking a …
Trevor Pott, 18 Jul 2013

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

Keeping your endpoint data safe: some simple precautions

Sysadmin blog: People are out to get you. Your business, your users, your systems and your data all have value to someone. You could be targeted because you have something that someone specifically wants, or because attackers are hoping to find bank account details or email addresses to spam, or because they want your compute power for a …
Adam Fowler, 21 Oct 2013

Malvertising set to wreak one BEELLION dollars in damage this year

Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security. If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry US$12,000 investment, according to researchers at security firm …
Darren Pauli, 13 Aug 2015

Comcast joins the OpenDaylight software-defined networking party

Heavyweight US carrier Comcast has seen the light and wants its input into how software-defined networking (SDN) works. The company has become the OpenDaylight Foundation's first end-user member, although it has been a code contributor. As SDX Central notes, Comcast was involved in the CableLabs contribution, the PacketCable …

Docker crocker-blocker aims at stopping Docker shockers

When enthusiasm for a technology reaches fever pitch, as it appears to have done for Docker, it can sometimes be easy to forget that using it securely needs a lot more work than clicking on an installer and getting on with things. Enter VMware, Docker and pals, who have together penned a new security guide, which offers …
Darren Pauli, 08 May 2015

Teenage backup biz Code42 gets cash bonanza

End-point backer-upper, file-sharer and security monitor Code42 has just raised a huge chunk of cash to grow its business into the big time. Code42 was founded back in the stone age, 2001, making the company a relatively aged 14. In 2013, it took in its first funding, a substantial $52m in A-round. This was 12 years after it …
Chris Mellor, 06 Oct 2015

Veeam lobs backup bombs, with Cisco lighting the fuse

Veeam's making waves again, with two new initiatives sure to get backup software rivals – and tin-makers – a little riled. Software rivals have to figure out how to contend with the new free endpoint backup tool the company flagged last October and released today. The tool's pitched at anyone who wants to back up a Windows PC, …
Simon Sharwood, 15 Apr 2015

Big Blue bops modular menace

IBM threat researcher Limor Kessem has found a new modular malware credential stealer that could become a significant enterprise threat. The malware, dubbed CoreBot, is an advanced tool, currently a credential harvester, that operates with sophisticated plugins designed to allow VXers to add extra functionality and offensive …
Darren Pauli, 02 Sep 2015

Policing the data hinterlands beyond the corporate firewall

Comment: For Code42, the answer to the universe and everything is getting more interesting as it moves from protecting business users’ PCs and notebooks to providing data access security and monitoring tools. The US backup company has undergone recent C-level management changes, including making Joe Payne its CEO in July, and its focus …
Chris Mellor, 23 Sep 2015

Veritas-free Symantec: what is glittery and easier to slip into?

Efforts to jump start revenue growth at Symantec started today with a revamped channel programme that threatens to shower third party sellers with more cash, coughed more frequently. The Symantec Secure One follows sales declines of enterprise security in three of the past four quarters at the corporation, and comes as it lops …
Paul Kunert, 05 Oct 2015

Hacker drops zero-day, opens FireEye fire sale

US security consultants Kristian Hermansen and Ron Perris have dropped a zero day remote file disclosure vulnerability affecting FireEye kit and say they have another three flaws for sale. The vulnerability disclosure dropped on Exploit-DB Sunday claims the web server runs as root in some FireEye kit, among other security …
Darren Pauli, 08 Sep 2015

Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August. The vulnerabilities have not been disclosed but they will affect mobile devices and Supervisory Control and Data Acquisition (SCADA) systems among other platforms. "We have 32 different zero- …
Darren Pauli, 21 Jul 2015

Veeam-ing all the way to the bank: No IPO for these VM replicants

Comment: At a UK temple to old tech, the London Science Museum, storage firm Veeam introduced its new tech, promising replication of VM images to the cloud – and El Reg quizzed two top Veeamers about the company. V9.0 of Veeam’s Availability Suite will add Cloud Connect Replication for Service Providers, using SSL, and be generally …
Chris Mellor, 15 Jun 2015

Palo Alto Networks splashes $US200 million on Cyvera

Palo Alto Networks has announced that it's buying Tel Aviv-based Cyvera for $US200 million, including $US88 million in cash. The attraction is the Israeli company's TRAPS (Targeted Remote Attack Prevention System), an endpoint protection system for Windows machines, which PAN will add to its existing firewall and cloud security …

Backup upstart Code42 is in a world of Payne

Backup and file sync'n'sharer Code42's cofounder CEO has stepped back to bring in a pro to grow the upstart into the big time. Cofounder Matthew Dornquast is shifting to an undefined role as Joe Payne seats himself behind the chief exec's desk. Payne gets a presidential title as well. His CV must have made the Code42 board and …
Chris Mellor, 17 Jul 2015

Crusty API opened Facebook accounts to hijacking

A leftover API that Facebook forgot to kill has left accounts open to spammers and scammers, says security researcher Stephen Sclafani. The flaw means an attacker could view other users' messages and post status updates. Sclafani found that a then mis-configured endpoint, since patched, allowed legacy REST API calls to be made on behalf of …
Darren Pauli, 10 Jul 2014

What you can do to enforce endpoint security

Thirty years after the PC was launched, security and management problems for the endpoint seem to be getting worse rather than better. PCs have become more functional, creating a greater surface area for attack. And the number of endpoint devices has proliferated, as tablets, netbooks and smartphones have entered the fray. The …
Danny Bradbury, 27 Dec 2011

Automation eases the pain of software patching

The three biggest challenges for IT managers are security, reliability and performance. Ideally, an organisation’s software will excel at all three but in practice we know that isn’t true. Even the best-laid software development plans let bugs through which can cause problems in all these areas. So patching the organisation’s …
Robin Birtstone, 11 May 2015

Mashed together malware threatens Japanese online banking users

Customers of Japanese banks are on the front line of attacks based on a new and sophisticated banking trojan, mashed together from leaked bits of malware code. Shifu (named after the Japanese word for thief) is targeting 14 Japanese banks as well as electronic banking platforms used across Europe, according to security …
John Leyden, 01 Sep 2015

UK rail signals could be hacked to cause crashes, claims prof

The rollout of a next generation train signalling system across the UK could leave the network at greater risk of hack attacks, a university professor has claimed. Prof David Stupples warns that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management System (ERTMS) could open up the …
John Leyden, 24 Apr 2015

Trustwave's off to Singapore as Singtel slurps security company

Singapore's dominant telco and aspiring services player, Singtel, has acquired Trustwave for about US$810m. Trustwave offers managed security services and the SpiderLabs ethical hacking research outfit, plus a range of network, content and endpoint security products. The company operates in 26 nations and has 1,200 people on the …
Simon Sharwood, 08 Apr 2015

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset by the strong …
John Leyden, 27 May 2015

Cisco makes ACI control more programmable

Cisco has released a command-line toolkit for its Application Centric Infrastructure (ACI), freeing sys admins from the tyranny of the GUI. The company describes its ACI Toolkit as a combination of “an NX OS-like CLI and some custom Python scripts” that cover the most common daily configuration and admin tasks. The toolkit also …

Mozilla peers into processes with student-built forensics probe

Student hackers from the University of Buenos Aires have developed with Mozilla an open-source forensics tool to analyse memory of running processes. Computer science quartet Marco Vanotti, Patricio Palladino, Nahuel Lascano, and Agustin Martinez Suñé are part of Masche Team, who are "highly motivated by coding, security and …
Darren Pauli, 16 Mar 2015

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015

Facebook found leaking private photos

Bug hunter Laxman Muthiyah has reported a Facebook vulnerability that exposes private photos to potentially malicious applications. The hacker received US$10,000 from Menlo Park for reporting the bug in Facebook Photo Sync and an API that allows third party apps to siphon private pics. Muthiyah says iOS and Android apps that …
Darren Pauli, 20 Mar 2015

Kill queues for fast data centres: MIT boffins

MIT researchers hope to speed up networking inside the data centre with concepts that will look familiar to old networking hacks: they propose a central arbiter for network traffic that picks out a predetermined path before a packet is transmitted. The boffins call the scheme Fastpass, and its other characteristic is that the …

Feared OpenSSL vulnerability gets patched, forgery issue resolved

The promised patch against a high severity bug in OpenSSL is out, resolving a certificate forgery risk in many implementations of the crypto protocol. Versions 1.0.1n and 1.0.2b of OpenSSL need fixing to resolve a bug that created a means for hackers to run crypto attacks that circumvent certificate warnings, as an advisory …
John Leyden, 09 Jul 2015

BlackBerry vows to make even fewer phones

It isn’t just Microsoft that’s going on a drastic phone diet. BlackBerry’s CEO John Chen today indicated that the Canadian enterprise vendor would cut its device portfolio from the four devices previously promised for 2015 to “two or one” a year. “We are reducing jobs, but it is not so much as reducing; we are shifting it, so …
Andrew Orlowski, 24 Jul 2015

How to keep track of your flexible workers

It has been two years since Yahoo! chief Marissa Meyer hauled her remote working employees back into the office, intent on eliminating flexible working. The concept is becoming more popular, though, whether people like Ms Meyer like it or not. In June 2014, an amendment to the UK’s Children and Families Act came into effect. …
Robin Birtstone, 23 Jul 2015

Sophos: We'll have a market cap of £1bn when we IPO

Brit security slinger Sophos’s listing on the London Stock Exchange went live today, giving the firm a market cap of around £1bn – a valuation that has caused a stir among analysts. The intent to float was confirmed weeks ago, with the Oxford-based firm expecting to raise cash to fund the next phase of biz development and rub …
Paul Kunert, 26 Jun 2015

CloudMask dons cape and sets foot on the mean streets of Blighty

Cloud-based security services firm CloudMask, whose technology offers to protect sensitive information in the cloud, even in the case of a network breach, launched in the UK on Tuesday. CloudMask's technology works on the premise that no one can be trusted with data - including cloud administrators, governments, employees, and …
John Leyden, 09 Sep 2014

Biz data botherer CommVault slips out fresh do-it-all bundle

CommVault has added additional AWS and Azure support and reveals easier, more targeted ways to buy its all-singing, all-dancing backup/archive/data management product Simpana 10. The AWS and Azure facilities include cloud reporting, end-user self-service provisioning, recovery, software snapshots and virtual machine resource …
Chris Mellor, 22 Aug 2014

Oh no, Moto! Cable modem has hardcoded 'technician' backdoor

Researchers at Rapid7 have turned up a set of typically dumb vulnerabilities in Motorola's DOCSIS/EuroDOCSIS 3.0-capable SURFboard SBG 6580 cable broadband modem. The device, which also ships under the Arris brand, has vulnerabilities including hardcoded login credentials that will allow an outside attacker to take control of the …

Symantec: Look at our Q4 numbers ... no, not those ones

The road to separation continues to be anything but smooth for Symantec’s security operation, particularly on the consumer front, as it again suffered from sales shrinkage, unlike the breakaway storage biz. In the last set of full year numbers from the firm, sales fell three per cent to $6.5bn, including a four per cent slip in …
Paul Kunert, 15 May 2015

Cisco adds Ethernet VXLAN BGP support to Nexus switches

Cisco is giving another nod in the direction of support for open software-defined-network standards, announcing support for BGP EVPN on its Nexus 9000. BGP EVPN – Border Gateway Protocol, Ethernet Virtual Private Network – is an Internet draft authored by members from Cisco, Juniper, Verizon, AT&T, Alcatel-Lucent and Bloomberg …

You can do more with backup than just cloning your data

As we all know, the world of backup is changing, and not just in obvious ways such as the move to disk and cloud-based backup, the adoption of deduplication, the need to copy, back up and restore virtual machines, and so on. First, flash memory and the wider availability of snapshots and replication means that other elements …
Bryan Betts, 23 Jul 2015

PRE-SPLINTERED Symantec's Q2 revenue slips, net profit rises

Symantec has reported mixed second quarter results, with revenue down one per cent on the year, but net profit rising by the same amount. The company saw revenue of $1.62bn for its second fiscal 2015 quarter, compared with revenue of $1.64bn a year ago (a fall of one per cent), and $1.74bn in the previous quarter. Net profit of …
Chris Mellor, 06 Nov 2014

Norton Internet Security antivirus update 'borked Internet Explorer'

Users of the world's second best* browser were forced to use alternatives after an overnight update to Norton AntiVirus prevented Internet Explorer from working at all. Aggrieved users who'd thought far enough ahead to install Google Chrome, Mozilla Firefox or any of the other alternatives took to Norton's official forum to vent …
Gareth Corfield, 21 Feb 2015

Micro Focus guillotine will fall more frequently on Novell necks

Novell seems to be bearing the brunt of the mammoth restructuring that parent company Micro Focus is currently executing, say our sources close to the situation. This week, Micro Focus issued a profit warning based on the strengthening dollar and went public on a review of the group – trading brands include The Attachmate Group …
Paul Kunert, 10 Apr 2015

Hybrid IT? Not a long-term thing, says AWS CTO

AWS Summit: Hybrid IT — systems that are part on-premises and part public cloud — is simply a path to the cloud, not a destination, Amazon CTO Werner Vogels told the 3,000 attendees at the AWS (Amazon Web Services) Summit in London yesterday. "We have built a whole set of services that allow you to run seamlessly together [services] on- …
Tim Anderson, 16 Apr 2015

Switches complete Avaya SDN suite

Avaya* has pushed a bunch of switches out the door, and is taking aim at Cisco's ECI in its Fx – Fabric Anywhere – strategy. The switches themselves are fairly straightforward: the ESR 5900 line is a stackable series in 24 port (up to Gbps Ethernet) and 48 port (ditto) configurations. Avaya Australia's director, network …

FireEye buys outfit that lifted the lid on Chinese cyber-espionage

Threat prevention firm FireEye has acquired privately held net security firm Mandiant. The cash and shares deal, announced Monday, is valued at around $1bn. Mandiant is best known for its landmark study into the Chinese APT1 hacking crew last year, which exposed the organisation's tactics and evidence of its links to the Chinese …
John Leyden, 03 Jan 2014

China's web giants unite to defuse Windows XP bombshell

A gaggle of Chinese web firms have come together with a plan to protect Windows XP users in the Middle Kingdom for at least the next two or three years, according to local reports. The unusual step will see messaging giant Tencent, search engine Sogou, software company Kingsoft and several others offer technical support for XP …
Phil Muncaster, 25 Feb 2014