Articles about Information Security

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Moscow, Beijing poised to sign deal on joint cyber security ops

Moscow and Beijing will next month sign a deal to commence joint information security projects and operations, and to increase cooperation in the space, according to a popular Russian newspaper with ties to President Vladimir Putin. Kommersant, owned by Russia's richest man and President Putin ally Alisher Usmanov, reported ( …
Darren Pauli, 24 Oct 2014

O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge

Both Vodafone and O2 are claiming to be the best mobile phone network for people, particularly government people, who are worried about security. O2 is crowing about achieving the secure and government-approved network certification known as CAS(T), which stands for CESG Assured Service (Telecommunications), O2 being the first …
Simon Rockman, 11 Aug 2014

Adobe CSO offers Oracle security lesson: Go click-to-play

Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button …
Darren Pauli, 16 Oct 2014

Security: Sweet brief for rare man Roche, new boss of Fujitsu TS

Fujitsu company veteran Tom Roche has grabbed the chieftain's chair at the Technology Solutions unit with a specific brief to boost security sales. The post became vacant last month when former boss Michael Keegan was made overlord of UK ops for Fujitsu, replacing Duncan Tait who was lifted to the head of the EMEIA organisation …
Paul Kunert, 18 Jun 2014

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Apple promises iCloud security alerts, better 2FA after, er, NAKED Internet of Thingies flap

Apple plans to roll out new iCloud security alerts as well as extending its two-step authentication technology in the wake of this week's privacy flap over nude selfies of Jennifer Lawrence, Kate Upton and other celebs. Private pictures of disrobed (female) celebrities including Oscar winner Lawrence and swimwear model Upton …
John Leyden, 05 Sep 2014

Japan needs 80,000 EXTRA info-security bods to stay safe

Japan has an 80,000 shortfall in infosec professionals, and needs to provide extra training for more than half of those currently in the industry, if it’s to protect key IT systems from attack, according to the government. A government panel of information security experts met back in June to draw up a long term plan to address …
Phil Muncaster, 09 Oct 2013

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking product. The guide, published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

Layoffs at EMC's RSA security division

RSA, the security division of EMC, has confirmed plans to restructure its business, a move that means an unspecified number of long-term staffers will be shown the door. Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by the start of 2014. It wrote in an email: While …
John Leyden, 20 Sep 2013

Email-sniffing Linkedin Intro NOT security threat, insists biz network

LinkedIn, the social network for suits, has come out in defence of its LinkedIn Intro app after security researchers panned it for making users' emails vulnerable to hackers. LinkedIn Intro is an iOS application that allows iPhone or fondleslab users to route their email through so that they receive background information on an …
John Leyden, 29 Oct 2013

Home Office launches £4m cyber security awareness scheme

The UK Home Office has launched a new £4m information security awareness campaign, designed to educate businesses and consumers about rising hacker threats. The first stage of the campaign is due to get underway in the autumn. The scheme will sit alongside other more established information security initiatives, such as Get Safe …
John Leyden, 24 Jun 2013

GCHQ names the Hogwarts for Hackers

The UK's Government Communications Headquarters (GCHQ) has certified six Masters of Cyber Security degrees. The certifications were issued under the UK's Cyber Security Strategy that, among other things, calls for the nation to “Strengthen postgraduate education to expand the pool of experts with in-depth knowledge of cyber.” …
Simon Sharwood, 04 Aug 2014

Energy firms' security so POOR, insurers REFUSE to take their cash

Underwriters are reportedly refusing to insure energy firms because poor security controls are leaving them wide open to attacks by hackers and malware infestations. Lloyd's of London told the BBC they had seen a surge in requests for insurance from energy sector firms but poor test scores from security risk assessors means that …
John Leyden, 27 Feb 2014

KPMG cuts its funding for UK.gov's Cyber Security Challenge

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession. Senior security staff at the professional services firm told Computing that it was scaling …
John Leyden, 17 Jan 2014

Knives out for new EU rules forcing govts to reveal hacker attacks

Talks began on a new computer security law for Europe on Tuesday night. National ministers, the European Commission and MEPs got together for the first time in an attempt to nail down the wording in the proposed Network and Information Security (NIS) Directive. When it was proposed by the commission early last year, the draft …
Jennifer Baker, 14 Oct 2014

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

FIRST standards to clean up messy CERTs

The global gathering of incident responders FIRST is spearheading a global standards effort to reform and unify the operations of government and large enterprise computer emergency response teams (CERTs). The Forum of Incident Response and Security Teams (FIRST) has tipped US$500,000 into the effort and has received backing from …
Darren Pauli, 20 Oct 2014

RSA boss demands revamp of outdated privacy, security regs

Corporate security policies that simply adopt regulations and obsess over privacy are stuck in the last century, according to senior execs at security biz RSA. Tom Heiser, president of the EMC-owned outfit, told delegates to the RSA Europe conference that efforts to comply with red tape and standards are fruitless as the rules …
John Leyden, 10 Oct 2012

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

Australia mandates* cloud use by government agencies

Australia's Department of Finance has updated its Cloud Policy to say “... agencies now must adopt cloud”. Those italics are the Department's, and it also has some qualifications for the edict, namely that cloud should only be adopted “where it is fit for purpose, provides adequate protection of data and delivers value for money …
Simon Sharwood, 08 Oct 2014

Google offers limited data on National Security Letters

Google has expanded its semiannual Transparency Report to include data about National Security Letters (NSLs) – albeit only a very small amount of data, given the strict secrecy that continues to surround the controversial documents. NSLs are letters written by US government agencies – usually the FBI, but occasionally such …
Neil McAllister, 05 Mar 2013

Step forward the chief information security officer

What does the modern chief information security officer (Ciso) look like? The role used to be little more than acting as a glorified sysadmin but things have changed. These days, Cisos must be all-rounders, concentrating not just on technology but on business too. “In recent years, the role of the Ciso has become more business …
Danny Bradbury, 15 Nov 2011

Oz privacy comish says breaches could double this year

The office of Australia's Federal Privacy Commissioner has received 60 voluntary data breach notifications in the six months since 12 March, compared to 71 received in the 2014 financial year. The statistics, provided to Vulture South and repeated at the Australian Information Security Association conference, include all manner of …
Darren Pauli, 20 Oct 2014

PayPal security boss: OBLITERATE passwords from THE PLANET

PayPal has declared war on the password - and wants a better way for folks to perform open sesame on their own internet accounts. Speaking at the Interop security conference in Las Vegas yesterday, Michael Barrett, chief information security officer at PayPal, talked about his work to create an open standard that could remove …
Jasper Hamill, 10 May 2013

Cisco okayed for UK government comms

Cisco has had a bunch of products certified as secure by the GCHQ's information security arm, the Communications & Electronics Security Group (CESG). The certification only covers the products to handle information up to the UK government's “Official” classification – that is, most government information. However, as the …

Vulnerable utilities, telcos, top of new Aussie natsec centre's to-do list

The Australian Cyber Security Centre (ACSC) will increase its headcount from 90 to 150 as soon as possible, then grow to full capacity of 300 seats by year's end. The centre's opening was delayed to allow staff to move into the new Australian Security Intelligence Organisation (ASIO) building to avoid burning taxpayer dosh …
Darren Pauli, 16 Oct 2014

Australia and USA strike closer cyber defence alliance

Australia and the United States will forge tighter bonds in information security defence and incident response on the back of a White House meeting between the nation's leaders. The announcement contained scant detail on the arrangement and came as Prime Minister Tony Abbott and President Barack Obama agreed to new defence deals …
Darren Pauli, 13 Jun 2014

IBM snaps up identity access gatekeeper tech

IBM has snapped up privately held security software firm CrossIdeas. Financial terms of the deal, announced Thursday, were undisclosed. Rome, Italy-based CrossIdeas has been developing identity access technology since 2011. Its technology allows CISOs and security teams in big companies to automatically detect conflicts in …
John Leyden, 01 Aug 2014

UK faces hacking doom, but think of the money, security startups!

The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks. Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber …
John Leyden, 25 Apr 2013

Samsung: Smart TV security hole is so minor we'll fix it immediately

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January. Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, …
John Leyden, 19 Dec 2012

Watch this! The changing face of malware

The anti-malware software industry seems to be fighting a losing battle, with Symantec even declaring antivirus "dead". In this online tutorial Darryl MacGregor, principal technologist for information security at IT training biz QA, discusses the best strategies for protecting your information assets in the near …
David Gordon, 21 May 2014

ENISA, Europol, strike info-sharing deal

Europe's peak information security body will join forces with the continent's criminal intelligence sharing outfit in order to beat down on carders and crackers plaguing Europe. Heads of the European Union Agency for Network and Information Security (ENISA) signed a deal with Europol at the Hague last Thursday to give a …
Darren Pauli, 30 Jun 2014

CERT Oz report: 76 orgs popped in targeted attacks

Seventy-six businesses have owned up to targeted attacks getting past their defences, according to the government's Computer Emergency Response Team (CERT), which released the findings in an annual report late yesterday. The mostly Australian businesses represented 135 organisations reporting to the CERT Australia survey and …
Darren Pauli, 30 May 2014

Chinese APT groups targeting Australian lawyers

Law firms are among Australian businesses being targeted by at least 13 Chinese advanced malware groups in a bid to steal intelligence from big business, says forensics bod and Mandiant man Mark Goudie. The attacks are well planned and rely on a combination of stealth and persistence in order to extract any and all valuable …
Darren Pauli, 21 Oct 2014

Russian cops lack kit to fight cybercrooks, says Brit security buff

A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime. Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers. However, the perception …
John Leyden, 06 Jun 2013

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013

Travel website Hotel Hippo yanked offline after data leaks spotted

Travel website Hotel Hippo is closed for business after an infosec bod spotted gaping security flaws which could allow hackers to snoop through customers' booking details. Information security consultant Scott Helme contacted The Register to discuss the security lapse, which could come in very handy for burglars who want to see …
Jasper Hamill, 02 Jul 2014

Infosec geniuses hack a Canon PRINTER and install DOOM

Security researchers have demonstrated a hack that allowed them to get into the web interface of a Canon Pixma printer before modifying its firmware to run the classic 90s computer game Doom. The proof-of-concept demo by security researchers at Context Information Security, which involved remotely accessing the web interface on …
John Leyden, 15 Sep 2014

Japan preps new law to bolster government cyber defences

Japanese lawmakers are urgently preparing a new bill designed to allow the government’s information security agencies to cut through the bureaucracy that is crippling their ability to deal with online threats. The proposed law would give the National Information Security Centre (NISC) and its Government Security Operation …
Phil Muncaster, 12 Mar 2014

Tablet security study finds BlackBerry still good for something

A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work. A study by Context Information Security looked at Apple's iPad, Samsung's Galaxy Tab and RIM's BlackBerry PlayBook, and concluded …
John Leyden, 05 Oct 2012

SHOCK HORROR: Oz's biggest govt agencies to miss infosec deadline

Australia's largest government agencies will miss a July deadline to implement even basic information security controls. The Australian National Audit Office's (ANAO's) annual report says that the country's biggest government agencies won't deploy Defence-issued controls to implement fast patching and organisation-wide …
Darren Pauli, 25 Jun 2014

Last chance to vote for new sheriffs of security town

Friday marks the final day to submit votes for this year's election of directors to the (ISC)2 security certification body. (ISC)2, which administers the widely recognised Certified Information Systems Security Professional (CISSP) qualification, has around 80,000 members and several vocal critics in the infosec community. …
John Leyden, 30 Nov 2012

How exec snatched $6m budget from his infosec team because he couldn't see ROI

The Australian Information and Security Association (AISA) is testing the security chops of 150 executives on Australian boards in an effort that may prove information security is only a "top priority" after a breach. It will take most of the year for the association to phone the executives in some of the nation's biggest …
Darren Pauli, 15 May 2014

CryptoLocker victims offered free key to unlock ransomed files

Security researchers have released a tool that allows victims of the infamous CryptoLocker ransomware to unlock their computers at no charge. DecryptoLocker from net security firm FireEye and threat intelligence company FoxIT offers a cure for the estimated 500,000 victims of CryptoLocker. Victims need to upload a CryptoLocker- …
John Leyden, 06 Aug 2014

Fridge hacked. Car hacked. Next up, your LIGHT BULBS

Those convinced that the emerging Internet of Things (IoT) will become a hackers' playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs. Researchers at Context Information Security discovered that LED light bulbs from …
John Leyden, 07 Jul 2014

UK unis, McAfee collude to beat collusion attacks

The UK's Engineering and Physical Sciences Research Council (EPSRC) is backing research designed to improve detection of “collusion” between malicious apps on the Android platform. Collusion attacks use malicious apps with different levels of permissions to bypass Android access controls. For example, one app might request …

Battered Sony hires cyber-security chief

Sony is beefing up its security staff after the devastating hacking attack in April that crippled the Playstation Network for 23 days and led to the potential exposure of millions of users' account information. The company has picked former US Department of Homeland Security exec Philip R Reitinger to fill the role of senior VP …

GCHQ to share threat intel – and declassify SECRET inventions

Blighty intelligence and security bods at GCHQ will share classified info on cyber threats with organisations running the UK’s critical national infrastructure as well as declassifying some of the spy agency's intellectual property. It's all part of a series of moves designed to share its expertise. The agency used its IA14 …
SA Mathieson, 17 Jun 2014

It's 2014 and you can still own a Windows box using a Word file or font

Microsoft has today patched two dozen CVE-classified security vulnerabilities in its software. People are urged to install them as soon as possible. The US giant said the October edition of Patch Tuesday includes three critical fixes to address flaws in Internet Explorer, the .NET Framework and Windows kernel-mode driver. The …
Shaun Nichols, 14 Oct 2014