Articles about Information Security

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support. The information security site was last week hammered with a 620Gbps DDoS attack, widely rated one of the world's largest by volume of junk data. …
Darren Pauli, 26 Sep 2016

Australian Signals Directorate seeks offensive people

The antipodean spy agency the Australian Signals Directorate is seeking information security personnel for offensive and defensive operations. The Department of Defence agency is seeking warm bodies for "offensive cyber operators", penetration testing, vulnerability research, and development and support roles. …
Darren Pauli, 26 Sep 2016

Australian border cops say they've cracked 'dark net' drug sales

Australian authorities say they can detect dark net transactions. We know this because the nation's Border Force (ABF), the black-shirt wearing guardians of Australia's frontiers, says as much in its takedown notice of a “31-year-old man from Port Neill” in the State of South Australia. Said man fell foul of a joint ABF and …
Simon Sharwood, 25 Sep 2016

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

Updated Hackers strongly believed to be state-sponsored swiped account records for 500 million or more Yahoo! webmail users. And who knew there were that many people using its email? The troubled online giant said on Thursday that the break-in occurred in late 2014, and that names, email addresses, telephone numbers, dates of birth, …
Iain Thomson, 22 Sep 2016

SWIFT warns of more 'sophisticated' attacks, readies anti-fraud tool

The chief information security officer for global money transfer network SWIFT says banks are still under attack from fraudsters hoping to cash in on identified security gaps to steal millions of dollars. Alain Desausoi, security head of the Society for Worldwide Interbank Financial Telecom made the comments at the Financial …
Darren Pauli, 22 Sep 2016

Hackers claim they breached Aussie point-of-sale tech firm, try to sell 'customer DB'

Exclusive Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago. If indeed they have hacked into H&L, …
Darren Pauli, 20 Sep 2016

National Cyber Security Centre to shift UK to 'active' defence

The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security. The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days …
John Leyden, 16 Sep 2016

Ransomware scum infect Comic Relief server: Internal systems taken down

Comic Relief’s internal systems are down for the third day running after a ransomware attack on one of the charity’s servers on Wednesday. Founded in 1985 by comedy scriptwriters, the charity behind the UK’s Red Nose Day telethon took down all of its internal systems in the wake of the attack. An email sent on Wednesday to the …

65 expert speakers reveal secure identity management solutions at Biometrics 2016

Promo Need to know more about the role of biometrics, such as fingerprint, DNA, facial and iris recognition, in identity management? Sign up now for Biometrics 2016, three days of expert insight and discussion in the heart of London from 18 to 20 October 2016. You can get more information and sign up at Biometrics 2016 but here …
David Gordon, 14 Sep 2016

Sniffing your storage could lead to sensitive leaks, warn infosec bods

Data from storage devices leaks through electromagnetic radiation to a much greater extent than previously thought, according to new research. Near-field analysis allowed security researchers at MWR Security to infer (or ‘sniff’) data transferred internally within a device. The finding means that resilient systems are far …
John Leyden, 12 Sep 2016

United States names its first Chief Information Security Officer

US president Barack Obama has named the nation's first ever Chief Information Security Officer (CISO). Brigadier General (retired) Gregory J. Touhill has accepted the gig. He previously served as deputy assistant secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications at the Department …
Simon Sharwood, 09 Sep 2016

CIA-backed big data firm Palantir says secrets pinched by investor

Palantir Technologies says an advisor to the company stole its trade secrets and then tried to use them to claim trademarks and patents. Privately-held Palantir says it makes “data fusion platforms for integrating, managing, and securing any kind of data, at massive scale.” The company is known to number United States …
Simon Sharwood, 07 Sep 2016

UK nuke warhead builders shift IT gear into public cloud

The Atomic Weapons Establishment (AWE) is moving some of its internal tech to the public cloud, in a move to "embrace the opportunities that modern IT can bring". The AWE has a £1bn-per-year contract with the UK Ministry of Defence lasting 25 years covering the design, manufacture and support of warheads for Blighty's nuclear …
Kat Hall, 01 Sep 2016

More banks plundered through SWIFT attacks

Criminals have hacked an unspecified number of new banks, using the SWIFT messaging system already implicated in one of the most lucrative breaches in history. Reuters reports SWIFT has sent notices to banks around the world warning of breaches and asking the financial institutions to lift their security game. Hackers of …
Darren Pauli, 31 Aug 2016

OneLogin breached, hacker finds cleartext credential notepads

Password attic OneLogin has been breached, and it's bad, because the service that suffered the breach is one often used by people to store credentials like admin password and software keys. The online credential manager says its Secure Notes facility was breached, allowing the intruder to read in cleartext notes edited between …
Darren Pauli, 31 Aug 2016

Victoria Gov tips $6.5M into uni security seeder, city-country farm tech

The government of the southern Australian state of Victoria has tipped A$450,000 (£260,083, US$340,872) to spin up an information security incubator in Deakin University. The university and Dimension Data want the incubator to accelerate the development of technology and industry skills. It will be coupled with a security …
Darren Pauli, 30 Aug 2016

NewSat network breach 'most corrupted' Oz spooks had seen: report

Defunct Australian satellite company Newsat distinguished itself in a way never known to the public before the company went under: it was so badly hacked it had 'the most corrupted' network the nation's spy agency had encountered. The company's assets were sold off last year after it went into administration. Unnamed sources …
Darren Pauli, 29 Aug 2016

Doing business with Asia? Then worry more about security

Organisations across the Asia Pacific are terrible at information security, a Mandiant report contends. While businesses in the United States will detect a hacker in their networks within four months, in line with the global average, it takes 17 months for those in the Asia Pacific region to notice their intruder. The region …
Darren Pauli, 25 Aug 2016

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web

Documents from the Edward Snowden archive prove that the malware and exploits dumped on the public internet on Monday originated from the NSA. Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of …
Iain Thomson, 19 Aug 2016

IT security pro salaries: Silicon Valley? You'd be better off in Minneapolis

Minneapolis IT security workers enjoy among the highest salaries of any US city while techies in the heart of San Francisco's tech boom region earn a much lower (cost-of-living-adjusted) wage. Minneapolis, MN tops the list with a $127,757 average (adjusted) salary for an IT Security Specialist (more than $27K more than San Jose …
John Leyden, 15 Aug 2016

Cyber-crime cost calculation studies are rubbish: ENISA

ENISA, the European Union Agency For Network And Information Security, has taken a look at “cost of cyber attack” studies and reckons they're not much good. The agency is far too polite to put it that way, but in this report, it says there's no consistent approach to trying to quantify the cost of attacks on what it calls …

IT security splurge surge

Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 per cent over 2015, according to research and advisory firm Gartner. Consulting and IT outsourcing are the largest categories of spending on information security, but this is poised to change. In the run-up to …
John Leyden, 09 Aug 2016

.security .TLD .launches

Infosec-related top level domains .security and .protection are up for sale with large vendors already moving in. FireEye, Symantec, Microsoft, and IBM have all bought space with the first-mentioned buying .security and .protection domains for FireEye and Mandiant products. Symantec shelled out for office365.protection and IBM …
Darren Pauli, 08 Aug 2016

Video surveillance recorders riddled with zero-days

There are multiple Web interface vulnerabilities in a network video recorder under Netgear's ReadyNAS brand and various devices by video recording company NUUO. The affected NUUO units are NVRmini 2, NVRsolo, and Crystal. The CERT advisory lists six Common Vulnerabilities and Exposures (CVE) notices attached to the affected …

Mastercard armours its contactless cards against relay attacks

Elements of the payment card industry have introduced a new contactless payment card security feature, designed to defend against relay attacks. Relay attacks were first demonstrated nine years ago by a team of computer scientists Saar Drimer and Steven Murdoch. The pair also suggested how the security flaw can be mitigated …
John Leyden, 04 Aug 2016

Microsoft boosts PKI, ISO certs to harden Azure cloud

Microsoft has bumped up security for its Azure cloud platform by adding support for X.509 certificates for device-level authentication, and bagging an ISO integrity ticket. Adding X.509 means Microsoft thinks its cloud will be better at handling internet-of-things traffic to the Azure IoT Hub, according to Azure partner …
Team Register, 04 Aug 2016

Kaminsky: The internet is germ-ridden and it's time to sterilize it

Black Hat 2016 Dan Kaminsky, the savior of DNS and chief scientist for White Ops, has used the opening keynote of Black Hat 2016 to outline three technologies he has been working on that could make working online a lot safer – if they are adopted. First, and most importantly, Kaminsky has been developing a micro-sandboxing system that spins …
Iain Thomson, 03 Aug 2016

What's Niu? No longer profitable, revenues down... but we're hiring!

Once-profitable managed services business Niu Solutions is now burning cash and CEO Shaun Ledgerwood reckons the company will take three years to get back in the black. Based in Surrey, Niu Solutions flogs services to the retail and financial sectors, collecting monthly fees on contracts ranging from one to five years. …

Microsoft and pals re-write arms control pact to save infosec industry

Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document's terms are a threat to the information security industry. The pitch is the result of brainstorming by the group to redefine …
Darren Pauli, 21 Jul 2016

Governments Googling Google about you more than ever says Google

Google has published its latest “Transparency Report”, the disclosure in which it reveals how many times governments asked it to cough data on users. And this time around there's mixed news. In the “yikes!” column is the fact that governments asked Google for data 40,677 times between July 1 and December 31 of 2015, and asked …
Simon Sharwood, 19 Jul 2016

World's worst exploit kit weaponises white hats' proof of concept code

The new wearer of the crown for World's Worst Exploit Kit is compromising users with exploit code for a dangerous new attack published by a white hat researcher. Neutrino is the new king of for-profit p0wnage packages, a market in which criminals create tools to compromise scores of users through the latest vulnerabilities. …
Darren Pauli, 18 Jul 2016

Symantec, Intel carve out diminishing slice of growing security market

Worldwide security software revenues rose 3.7 per cent to reach $22.1bn in 2015, according to analyst Gartner. Security information and event management (SIEM) remained the fastest-growing sub segment of the cybersecurity biz last year, experiencing 15.8 per cent growth. By contrast, consumer security software recorded a 5.9 …
John Leyden, 14 Jul 2016

Infosec bods NCC walk away from the domain services biz

UK-based infosec consultancy NCC Group is withdrawing from the domain services biz while retaining domain security capability. The tactical switch was announced as NCC reported revenues up 56 per cent to £209.1m in the 12 months to 31 May 2016, compared to £133.7m in its previous financial year. NCC’s adjusted pre-tax profits …
John Leyden, 07 Jul 2016

EU uncorks €1.8bn in cybersecurity investment. Thirsty, UK?

The EU Commission has launched a public-private partnership on cybersecurity that is expected to trigger €1.8bn ($2bn) of investment by 2020. The EU is promising to invest €450m ($502m) in a bid to spur innovation in cybersecurity with the remainder coming from the private sector. Some security commentators reckon the Brexit …
John Leyden, 05 Jul 2016

Hopeless Vic agencies have two years to hit infosec best practice

Government agencies in the Australian state of Victoria will have two years to move from near ground zero to stand up fully-fledged and updated information security, risk, and governance policies. The requirements are a big ask for agencies in the southern state, previously described as in information security turmoil after …
Darren Pauli, 30 Jun 2016

Medicos could be world's best security bypassers, study finds

Medicos are so adept at working around security controls that their bypasses have become official policy, a university-backed study has revealed. The work finds that nurses, doctors, and other medical workers so often bypass information security controls in a bid to administer rapid health care that the shortcuts …
Darren Pauli, 27 Jun 2016

Australia's Defence Department tips AU$12M to seat spies with students

The Department of Defence has tipped A$12 million (£6.1 million, US$9.1 million) into an information security facility to attract new blood by housing signals spooks alongside Australian National University academics. The "unusual" pairing is hoped to attract skilled students into the information security field and the country …
Darren Pauli, 24 Jun 2016

Israeli cybersecurity boom 'sustainable', argues industry’s father

Israel cyber week The "father" of Israel's cybersecurity industry reckons the unprecedented growth in its security startup industry can be sustained. Isaac Ben Israel, who heads the Interdisciplinary Cyber Research Center (ICRC) at Tel Aviv University, estimates there are 400 cybersecurity firms in Israel. Together with more established …
John Leyden, 22 Jun 2016

No watershed: China hacker groups in decline before Xi-Obama deal

The US-China pledge to put an end to state-backed intellectual property theft was made when Middle Kingdom hacking groups had been receding for more than a year, researchers say. Presidents Barack Obama and Xi Jinping agreed in September not to "conduct or knowingly support cyber-enabled theft of intellectual property" in a move …
Darren Pauli, 21 Jun 2016

Hack the Pentagon shutters 100 bugs

White hats have found more than 100 vulnerabilities in Pentagon infrastructure under its bug bounty program. Some 1,400 hackers participated in the Hack the Pentagon bug bounty program, which paid out up to US$14,000 for disclosures of the worst vulnerabilities. US Defense Secretary Ashton Carter told the Defense One conference …
Darren Pauli, 14 Jun 2016

Twitter resets passwords

Twitter has reset an unknown number of accounts following the offer of millions of usernames and passwords for its service for sale on the dark web. Although the social media company continues to insist that its systems were not compromised, in a blog post its Trust & Information Security Officer Michael Coates said the …
Kieren McCarthy, 10 Jun 2016

The rise and rise of Australia's community hacking conferences

Special report In Australia and New Zealand, hackers are doing it for themselves by creating vibrant security conferences that run on their own terms and actively avoid the corporate-speak and fear-mongering that characterises so many vendor-led events. These conferences, or "cons", are booming and showcase security skills that rival the …
Darren Pauli, 06 Jun 2016

Will you get reimbursed if you're a bank fraud victim? Brits think not

Bank customers worldwide are often in the dark about whether or not they’ll be reimbursed for fraudulent transactions. Customers’ understanding of bank terms and conditions is often sketchy, according to an international study by academics. The researchers found that there is significant variation worldwide, and even within …
John Leyden, 06 Jun 2016

The least stressful job in the US? Information security analyst, duh

Everyone knows that being an infosec analyst is a cushy job – but did you know quite how much? Because according to job website CareerCast, it is literally the least stressful job in the country. The company measured 11 stress factors, including the amount of travel, deadlines, competitiveness, physical demands, risk to your …
Kieren McCarthy, 02 Jun 2016

Infosec newbie looking for entry level training? So is SWIFT

International payments clearing-house SWIFT wants extra hands to keep its stable doors closed. In a job ad that inexplicably fails to mention the hundreds of millions of dollars missing, in a variety of currencies because of astonishingly-lax security, it seeks an information security trainee. As previously documented, SWIFT' …

Blighty's National Cyber Security Centre cyber-reveals cyber-blueprints

The UK government has released the prospectus for its National Cyber Security Centre (NCSC), ahead of the launch of the facility this Autumn. The blueprint [PDF] outlines that the NCSC will act as a hub for sharing best practices in security between public and private sectors, and will tackle cyber incident response. As …
John Leyden, 26 May 2016

Insure against a cyberwhat now? How the heck do we crunch those numbers?

The head of a UK industry insurance organisation has called for the government to create a database where companies would be obliged to “record details of cyber attacks”. Insurers are struggling to assess premiums for newly introduced cyber insurance policies in the absence of background info, according to the head of the …
John Leyden, 24 May 2016

ENISA / Europol almost argue against crypto backdoors

While the FBI, in the person of James Comey, continues its campaign to persuade the tech sector that mathematics isn't that big a thing and therefore backdoors are feasible, the European Union Agency for Network and Information Security (ENISA) and Europol have tip-toed around the issue, issuing a joint statement that both …

Europe adopts new cybersecurity rules for key players

The European Council has adopted new cybersecurity rules to make networks and information services across the European Union safer and more secure. The network and information security (NIS) directive [PDF] will require providers of essential services – such as energy, transport, health and finance – and "digital service …
Kieren McCarthy, 18 May 2016

Hackers tear shreds off Verizon's data breach report top 10 bug list

Information security boffins have pilloried Verizon's latest data breach report, suggesting its list of top security vulnerabilities does not represent reality. The 2016 Data Breach Investigations Report [PDF] is Verizon's ninth in the series, drawing on a wider pool of data including some 100,000 security incidents and 2,260 data …
Darren Pauli, 12 May 2016