Articles about Information Security

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Japan needs 80,000 EXTRA info-security bods to stay safe

Japan has an 80,000 shortfall in infosec professionals, and needs to provide extra training for more than half of those currently in the industry, if it’s to protect key IT systems from attack, according to the government. A government panel of information security experts met back in June to draw up a long term plan to address …
Phil Muncaster, 09 Oct 2013

Layoffs at EMC's RSA security division

RSA, the security division of EMC, has confirmed plans to restructure its business, a move that means an unspecified number of long-term staffers will be shown the door. Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by the start of 2014. It wrote in an email: While …
John Leyden, 20 Sep 2013

Email-sniffing Linkedin Intro NOT security threat, insists biz network

LinkedIn, the social network for suits, has come out in defence of its LinkedIn Intro app after security researchers panned it for making users' emails vulnerable to hackers. LinkedIn Intro is an iOS application that allows iPhone or fondleslab users to route their email through so that they receive background information on an …
John Leyden, 29 Oct 2013

Energy firms' security so POOR, insurers REFUSE to take their cash

Underwriters are reportedly refusing to insure energy firms because poor security controls are leaving them wide open to attacks by hackers and malware infestations. Lloyd's of London told the BBC they had seen a surge in requests for insurance from energy sector firms but poor test scores from security risk assessors means that …
John Leyden, 27 Feb 2014

Home Office launches £4m cyber security awareness scheme

The UK Home Office has launched a new £4m information security awareness campaign, designed to educate businesses and consumers about rising hacker threats. The first stage of the campaign is due to get underway in the autumn. The scheme will sit alongside other more established information security initiatives, such as Get Safe …
John Leyden, 24 Jun 2013

KPMG cuts its funding for UK.gov's Cyber Security Challenge

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession. Senior security staff at the professional services firm told Computing that it was scaling …
John Leyden, 17 Jan 2014

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

RSA boss demands revamp of outdated privacy, security regs

Corporate security policies that simply adopt regulations and obsess over privacy are stuck in the last century, according to senior execs at security biz RSA. Tom Heiser, president of the EMC-owned outfit, told delegates to the RSA Europe conference that efforts to comply with red tape and standards are fruitless as the rules …
John Leyden, 10 Oct 2012
The Register breaking news

Google offers limited data on National Security Letters

Google has expanded its semiannual Transparency Report to include data about National Security Letters (NSLs) – albeit only a very small amount of data, given the strict secrecy that continues to surround the controversial documents. NSLs are letters written by US government agencies – usually the FBI, but occasionally such …
Neil McAllister, 05 Mar 2013

PayPal security boss: OBLITERATE passwords from THE PLANET

PayPal has declared war on the password - and wants a better way for folks to perform open sesame on their own internet accounts. Speaking at the Interop security conference in Las Vegas yesterday, Michael Barrett, chief information security officer at PayPal, talked about his work to create an open standard that could remove …
Jasper Hamill, 10 May 2013

Step forward the chief information security officer

What does the modern chief information security officer (Ciso) look like? The role used to be little more than acting as a glorified sysadmin but things have changed. These days, Cisos must be all-rounders, concentrating not just on technology but on business too. “In recent years, the role of the Ciso has become more business …
Danny Bradbury, 15 Nov 2011

UK faces hacking doom, but think of the money, security startups!

The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks. Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber …
John Leyden, 25 Apr 2013

Samsung: Smart TV security hole is so minor we'll fix it immediately

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January. Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, …
John Leyden, 19 Dec 2012

Japan preps new law to bolster government cyber defences

Japanese lawmakers are urgently preparing a new bill designed to allow the government’s information security agencies to cut through the bureaucracy that is crippling their ability to deal with online threats. The proposed law would give the National Information Security Centre (NISC) and its Government Security Operation …
Phil Muncaster, 12 Mar 2014

Russian cops lack kit to fight cybercrooks, says Brit security buff

A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime. Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers. However, the perception …
John Leyden, 06 Jun 2013

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013

Tablet security study finds BlackBerry still good for something

A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work. A study by Context Information Security looked at Apple's iPad, Samsung's Galaxy Tab and RIM's BlackBerry PlayBook, and concluded …
John Leyden, 05 Oct 2012

UK unis, McAfee collude to beat collusion attacks

The UK's Engineering and Physical Sciences Research Council (EPSRC) is backing research designed to improve detection of “collusion” between malicious apps on the Android platform. Collusion attacks use malicious apps with different levels of permissions to bypass Android access controls. For example, one app might request …

Last chance to vote for new sheriffs of security town

Friday marks the final day to submit votes for this year's election of directors to the (ISC)2 security certification body. (ISC)2, which administers the widely recognised Certified Information Systems Security Professional (CISSP) qualification, has around 80,000 members and several vocal critics in the infosec community. …
John Leyden, 30 Nov 2012

Cyber battle apparently under way in Russia-Ukraine conflict

Ukraine's mobile phone infrastructure is under attack: with equipment installed in Russian-controlled Crimea interfering with the phones of members of parliament, a senior Ukrainian government official alleges. The head of Ukraine's SBU security service told a press conference on Tuesday that the attack has been running for at …
John Leyden, 04 Mar 2014

Battered Sony hires cyber-security chief

Sony is beefing up its security staff after the devastating hacking attack in April that crippled the Playstation Network for 23 days and led to the potential exposure of millions of users' account information. The company has picked former US Department of Homeland Security exec Philip R Reitinger to fill the role of senior VP …

Obama's new cyber-security tactics finger corrupt staff, China

The White House has unveiled a fresh strategy for combating the theft of American trade secrets - days after a high-profile Chinese cyber-espionage campaign against US corporate giants was exposed. The strategy, outlined in a 141-page report [PDF] published on Wednesday, focuses on a five-part plan featuring diplomatic efforts, …
John Leyden, 21 Feb 2013

Europe UNDER ATTACK in simulated cyber security test

European banks teamed up with information security agencies and governments to run a DDoS cyber-attack preparedness exercise today. Cyber Europe 2012, a simulated cyber security attack involving 300 cyber security professionals, is being co-ordinated by European Union security agency ENISA. It's the second exercise of its type, …
John Leyden, 04 Oct 2012

Target IGNORED hacker alarms as crooks took 40m credit cards – claim

Staff at US chain Target reportedly failed to stop the theft of 40 million credit card records despite an escalating series of alarms from the company's computer security systems. Bloomberg Businessweek claims that security technology from FireEye detected the malware-powered hack – but Target staff failed to act on the alerts, …
John Leyden, 14 Mar 2014

Getting documents all too easy for Snowden

Yet more evidence has emerged that the NSA, which has made much of its apparently god-like power to stroll into anybody's network, read anybody's data, and find any target it wants, is a neophyte when it comes to its own information security. If a report published in the New York Times is correct, all Edward Snowden did to …

Psst, UK software devs: Up for a Cyber Security Challenge?

A new Cyber Security Challenge UK competition aimed at finding people to protect the country against future Stuxnet-style attacks was launched on Wednesday. Previous Cyber Security Challenge competitions focused on crypto-cracking, penetration testing and malware forensics – but this is the first competition in the challenge …
John Leyden, 18 Jul 2012

Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server

A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers. The miscreant behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other crims on Christmas Day, we're told. Hold Security – which this year has …
Chris Williams, 30 Dec 2013

Post-BT crypto guru Schneier gets new gig at startup

Famed cryptographer and security guru Bruce Schneier has moved on from his seven years at BT. Just one month later, he has accepted the role of CTO at incident response startup Co3 Systems. Schneier left BT last month following a seven-year association with the telco giant by mutual consent. Both parties were keen to stress that …
John Leyden, 06 Jan 2014

UK biz pays heavy price for skimping on security - PwC

Hacking attacks against Blighty's top firms hit a record high according to figures for 2011. On average, each large organisation suffered 54 significant digital assaults in that 12-month period, twice the level in 2010, while 15 per cent – one in seven – had their networks successfully penetrated by unauthorised parties. The …
John Leyden, 24 Apr 2012

GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP

Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
John Leyden, 01 Oct 2013

Kick us as hard as you like, RIGHT IN THE CYBERS, says Japan

Japan will today follow the UK’s lead by carrying out a major cyber security drill which will see ethical hackers attempt to infiltrate and disrupt 21 government departments. The drill is designed to test the country’s emergency response capabilities to the full as Tokyo prepares to host the games in 2020. London carried out a …
Phil Muncaster, 18 Mar 2014

Two in five Brits cough up for CryptoLocker ransomware's demands

Around two in five people who fall victim to CryptoLocker have agreed to pay a ransom of around £300 to recover their files, according to a survey of victims. Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they …
John Leyden, 28 Feb 2014

UK boffins get £3.8m pot to probe 'science of cyber-security'

GCHQ, the UK's nerve-centre for eavesdropping spooks, has established what's billed as Blighty's first academic research institute to investigate the "science of cyber security". The lab - which was set up with the Research Councils' Global Uncertainties Programme and the government's Department for Business, Innovation and …
John Leyden, 14 Sep 2012

Euro computer emergency teams need better support – ENISA

Europe – via ENISA, the EU network and information security agency – is setting its shoulder to the Sisyphean task of trying to align its various national Computer Emergency Response Teams (CERTs). The problem, the agency says in a new paper published here, is that there's a lack of cross-border coordination of Computer …

Reconceptualising IT security

Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …
Miatta Momoh, 14 Apr 2011

AU domains on security alert

Australia’s self-regulatory domain name registration regime is set for a shake up, following a proposal from governing body auDA that calls for the introduction of a mandatory information security standard (ISS) for all existing and potential registrars. The requirement for all .au registrars would be a “world first” requirement …

Hackers slurp credit card details from US luxury retailer Neiman Marcus

Upmarket US department store Neiman Marcus has been hit by hackers who broke into systems before lifting an as-yet-unspecified number of credit and debit card details. Neiman Marcus confirmed a security breach in a series of updates to its official Twitter account and apologised, without detailing the extent of the problem or …
John Leyden, 13 Jan 2014

Infosec and B-Sides: Security biz exhibitions face off in London

Infosec and B-Sides both came to London this week to display the contrasting faces of the information security industry. Crowds at Infosec proceed in an orderly manner through the various exhibits (before the cry of "Open bar!" was heard, natch)... InfoSec Europe, in London's Earls Court, played host to government bigwigs …
John Leyden, 26 Apr 2012

'Good job, NSA! You turned Yahoo! into an encryption beast'

Yahoo! has announced major encryption improvements designed to thwart dragnet surveillance efforts by the likes of the NSA. Alex Stamos, Yahoo!'s recently appointed CISO (chief information security officer), said the internet giant has finished encrypting traffic between its data centres. Stamos also outlined a roadmap for …
John Leyden, 03 Apr 2014

Huawei rakes in £2 BEEELLION in profits

Chinese tech success story and NSA spy target Huawei has seen profits jump by a third over the past year to 21 billion yuan (£2bn) on the back of strong growth from its enterprise and consumer businesses. The Shenzhen-headquartered firm cemented its place as one of the Middle Kingdom’s most internationally successful technology …
Phil Muncaster, 01 Apr 2014

Seoul to train 5,000 infosec pros

The South Korean government is planning to train up 5,000 information security experts to address the growing threat from Pyongyang and a shortage of home-grown talent. The science and technology ministry said that the shortfall of information security professionals in the country currently numbers 1,749, rising to an expected 2 …
Phil Muncaster, 09 Jul 2013

EE rolls out Brightbox fix... but it WON'T stop packet sniffers, DNS meddlers – infosec bod

EE is rolling out an update to its BrightBox routers to fix a series of vulnerabilities which allowed hackers to access the devices by a simple copy and paste operation. Scott Helme, the security researcher who first discovered the flaws, told El Reg the latest update resolves two of the three most serious problems he found. …
John Leyden, 07 Feb 2014

'Four horsemen' posse: This here security town needs a new sheriff

As the overpriced beers flowed and dusk approached in central London pubs surrounding the venue of RSA Europe last week, talk often turned towards the (ISC)2 security certification body. (ISC)2, which administers the widely recognised Certified Information Systems Security Professional (CISSP) qualification, was "a waste of …
John Leyden, 18 Oct 2012

DoC calls for security standards, co-operation

The US Department of Commerce is broadening its attention beyond the critical infrastructure sector, proposing security codes of conduct for the rest of the Internet economy. Its new report, Cybersecurity, Innovation and the Internet Economy, has a wide scope, from the small business with a Website through to social networks and …

Ministry of Justice signs for info security service

The Ministry of Justice (MoJ) has signed a contract with BAE Systems Detica for a managed service covering its information security. While the value of the two-year deal has not been made available, the company said it will take on the delivery risk. Work will be carried out for a fixed price, with Detica bearing any unforeseen …

Truly secure clouds? Possible but not likely say Georgia Tech boffins

Georgia Tech has added itself to the chorus, nay, throng of voices warning that poorly-implemented cloud computing and the world of BYO mobile devices are threats to enterprise security. In its Emerging Cyber Threats 2014 report, GT's Information Security Center joins World+Dog in noting that the Snowden NSA whistle-blowing has …

Botnet PC armies gulp down 16 MILLION logins from around the web: Find out if you're a victim

Officials in Germany have warned that large networks of hijacked, hacker-controlled PCs – aka botnets – have harvested 16 million email address and password combinations for websites and other online services. The (German Office of Information Security) BSI said cops and security researchers have been closely following armies of …
Shaun Nichols, 22 Jan 2014

Linux-friendly Munich: Ja, we'll take open source collab cloud

The Linux-friendly burghers of Munich are rolling out their own open-source groupware cloud, bucking the trend for going public. The German city has selected Kolab Desktop Client and Kolab web Client for more than 14,000 Linux PCs, surviving Windows PCs and a generation of mobile devices under a four-year project called MigMak, …
Gavin Clarke, 26 Feb 2014