Articles about It Security

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015
Jeff Moss

IT security staff have a job for life – possibly a grim, frustrating life

Black Hat 2015 Speaking at the opening of the 18th Black Hat security conference, its founder Jeff Moss warned the assembled throng that while they might have job security, they weren't going to have fun in the next decade. "We are all employed for life," Moss said. "It's interesting, I see problems and challenges and on one hand am really …
Iain Thomson, 05 Aug 2015

Raytheon: Ho hum, another day, another $1bn cyber-security contract with Uncle Sam

Defense contractor Raytheon said it will be providing IT security for more than 100 US government agencies in a deal valued at upwards of $1bn. Raytheon said the billion-dollar contract, reportedly set to run for five to seven years, will include development and support of cybersecurity protections for the Department of …
Shaun Nichols, 30 Sep 2015

Lottery IT security boss guilty of hacking lotto computer to win $14.3m

Iowa state lottery's IT security boss hacked his employer's computer system, and rigged the lottery so he could buy a winning ticket in a subsequent draw. On Tuesday, at the Polk County Courthouse in Des Moines, Iowa, the disgraced director of information security was found guilty of fraud. Eddie Tipton, 52, installed a …
Iain Thomson, 22 Jul 2015
£10 notes. Pic: Howard Lake

Show us your security chops with the Cyber 10K challenge

Competition NCC Group has devised a lovely cyber security competition, Cyber 10K, which sees the winning contestant receive £10,000 and expert advice from the company to develop their own security solution.Enter and find out more here. We like the Cyber 10K concept so much that El Reg’s very own John Leyden, who has covered the IT …
David Gordon, 20 Aug 2015

Want security? Next-gen startups show how old practices don't cut it

Sysadmin Blog In case you hadn't noticed, IT security sucks. There is a chronic lack of people trained in IT security, people who will listen to IT security, and even a lack of agreement on how best to go about IT security. Fortunately, a new generation of startups are helping to tackle the issues. No matter how good a sysadmin you think …
Trevor Pott, 22 Aug 2015

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

The boss of the US government's thoroughly ransacked Office of Personnel Management has – rightly – come in for a rough ride from members of the House Committee on Oversight and Government Reform. Politicians on both sides of the trenches tore strips off the lamentable state of security in the agency, which was raided by …
Iain Thomson, 16 Jun 2015

Who should be responsible for IT security?

Typically, when a cybersecurity problem arises, it’s the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it’s hardly the office manager or the accounts receivable department’s lookout, right? Perhaps. On the other hand, …
Danny Bradbury, 18 Aug 2015

The weapons pact threatening IT security research

Analysis The US government has rewritten chunks of an obscure weapons trade pact between itself, Europe, Russia, and other nations – a pact that is now casting its shadow over today's computer security tools. Dubbed the Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, the treaty limits who …
Iain Thomson, 06 Jun 2015
Booth babe banhammer

Bye bye, booth babes. IT security catwalk RSA nixes sexy outfits

The organizers of this year's RSA security conference have made at least one thing clear to exhibitors: no booth babes. The industry shindig has sent out a new dress code banning scantily clad models, regardless of gender, from wandering the show floor. The rules dictate that exhibitors cannot wear shorts, tank tops and halter …
Shaun Nichols, 26 Mar 2015

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015
Panic button

SIM hack scandal biz Gemalto: Everything's fine ... Security industry: No, it's really not

Six days ago Gemalto, the world's largest SIM card manufacturer, was told that back in 2010 it had been ransacked by NSA and GCHQ hackers. Today the company gave itself the all-clear: no encryption keys, used to secure phone calls from eavesdroppers, were stolen, it claims. Yet the IT security industry is not so sure. Documents …
Iain Thomson, 25 Feb 2015
Fail and You

NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

NASDAQ servers were infected by malware that exploited two mystery zero-day vulnerabilities, according to a magazine cover story published today. Despite spending a ton of money on computer security, the stock exchange was wide open to attack, we're told. Today's report pulls back the curtain back to reveal a little more about …
Iain Thomson, 17 Jul 2014

Spanish election site in security cert warning screwup snafu

Updated Website crypto problems on the Spanish online voting registration website are causing it to generate all manner of security warnings. Attempts to visit the site – run by Spain's National Statistics Institute and introduced this year for municipal/regional elections – typically lead to users being confronted with …
John Leyden, 13 Apr 2015
Sad Anonymous

US Census Bureau IT systems hacked, data leaked by Anonymous

Anonymous hackers have swiped databases from servers used by the US Census Bureau, and dumped their contents online. The bureau, as you might imagine, collects information on the American population every 10 years – although the leaked data does not include citizens' census records. The purloined bureau databases include the …
Chris Williams, 23 Jul 2015
Flipside RFID-shielded wallet

Your security is just dandy, Apple Pay, but here comes Android

Analysis Most security experts estimate that the security offered within (and by) Apple Pay is superior to that seen in existing contactless credit or debit card systems. However, the success of the technology in the UK may well depend more on commercial factors than anything else, with one payments expert warning that merchants fees …
John Leyden, 16 Jul 2015
Photo of the White House at dusk

White House to world: We don't hoard IT security vulnerabilities

Backing up the NSA's claim that it was caught by surprise by the Heartbleed OpenSSL bug, the White House has tried to explain the rules under which it allows agencies to hoard security vulnerabilities. In this White House blog post, cybersecurity coordinator Michael Daniel says leaving a huge number of vulnerabilities …
Cloud security

Cloud Security Temperature Check

Survey Results It is increasingly common for users and business groups to drive their own adoption of cloud services. But even where IT is involved, as organisations ramp up their use of cloud, activity is often uncoordinated. Pulling the threads together across service silos to manage risks effectively can be a challenge. The right strategy …
Dale Vile, 20 May 2015

Would you hire a hacker to run your security? 'Yes' say Brit IT bosses

More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found. In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry. As if …
John Leyden, 30 Sep 2013
Keep out sign with deleted expletive

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

Students! Graduates! Win £10,000 with the Cyber 10K challenge

Competition In a bid to help address the cyber skills gap in the UK, NCC Group is calling on Britain’s students and graduates to solve the cyber security challenges both businesses and consumers face today. The winner of the Cyber 10K challenge will receive £10,000 and expert advice from the company to develop their own security solution …
David Gordon, 14 Sep 2015
IT Crowd. Source: Channel 4 / 2entertain

'Shadow IT' gradually sapping power and budget from CIOs

The CIO's power over IT budgets is being slowly eroded, with spend now increasingly dispersed throughout organisations, according to a survey of 1,000 IT "decision-makers". The research from BT said CIOs now face a "Darwinian moment", with 76 per cent reporting unauthorized "shadow IT" within their businesses - an element that …
Kat Hall, 15 Dec 2014
US cashpoint. Pic: Tax Credits

Are you an infosec bod? You must be STINKING RICH, says study

Jobs in the lucrative cyber-security sector can command salaries of $200,000 or more, according to a new salary survey. Lead software security engineer pull in an average of $233,333 while Chief Security Officer ($225,000) and Global Information Security Director ($200,000) also receive serious salaries. A new study of 2015 …
John Leyden, 12 May 2015

Big data minnow swallowed by security player Accumuli

AIM-listed specialist security player Accumuli has coughed £1.9m for small Bracknell-based big data analytics reseller and integrator EQUALIS, it confirmed to the City today. This bolt-on-buy adds a seven-strong band of big data boffins that sell software from Splunk - for which EQUALIS is Blighty's only authorised training …
Paul Kunert, 02 Dec 2013

Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August. The vulnerabilities have not been disclosed but they will affect mobile devices and Supervisory Control and Data Acquisition (SCADA) systems among other platforms. "We have 32 different zero- …
Darren Pauli, 21 Jul 2015

Security products: Best of breed or create your own monster?

IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality. The question is, what's the best …
Danny Bradbury, 07 Nov 2014
The Register breaking news

Putting the security jigsaw together

Reg reader research Effective IT security is both important and hard to implement, and it isn’t getting any easier. Central systems are becoming more complex, and keeping up with the ever-changing threat landscape is an ongoing challenge. Then there's the fact that end users are more mobile than ever and increasingly reckon they should be able to …
Tony Lock, 06 Sep 2013
The Register breaking news

A woman in IT is like a dog who speaks: Rare. A woman in IT security?

Women are shunning cyber security even more than they shun the rest of IT, according to a survey. Of the 2,500 people who took cyber security training at QA in 2012, just 6.2 per cent were women. The number of women choosing to take up security courses also declined overall by 19.5 per cent between 2011 and 2012, while the …
Jasper Hamill, 06 Jun 2013

Promise of ‘higher profits’ sees US targeted by Android PIN-locking ransomware

Android PIN-locking ransomware, which – unbeknown to the user – changes a device's login code, is targeting mobile phone users in North America, leaving victims with a locked screen and a demand for $500. However, since the PIN is reset randomly even complying with these extortionate demands won’t do any good, as not even the …
John Leyden, 10 Sep 2015

Five million people exposed in Scottrade brokerage hack

If you've bought shares using retail broker Scottrade in the last few years, you may want to get in touch with the biz because its servers have been plundered by hackers unknown. The firm only found out about the data breach when the Feds got in contact to let it know. It now appears that 4.6 million customer accounts have …
Iain Thomson, 02 Oct 2015

The car in front has Kaspersky deep inside

Kaspersky Lab is taking anti-virus in a different direction by embedding it in SCADA-based industrial control systems, components of the Internet of Things, and yep, even cars. The Russian security software firm and SYSGO has teamed up to embed the new Kaspersky Security System platform within SYSGO's real-time operating system …
John Leyden, 02 Mar 2015
US Pentagon. Pic: DoD photo by MSgt Ken Hammond, USAF

You're hosting Uncle Sam's files in the cloud. You get hacked. This is what happens next

The US government has posted a new set of rules outlining how cloud providers should report IT security cockups that involve Uncle Sam's data. The new Department of Defense (DoD) rules [PDF] include requirements on how contractors who handle government information should deal with computer network breaches and attacks, and how …
Shaun Nichols, 26 Aug 2015

India's tough hacker crackdown: IT security leaflets with every device

India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Phil Muncaster, 14 Jan 2013
The Register breaking news

Bit9 hacked after it forgot to install ITS OWN security product

IT security biz Bit9's private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company's customers. The software-whitelisting firm's certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company …
John Leyden, 11 Feb 2013
sap security vulnerabilities

Almost EVERY SAP install hackable, researchers say

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and …
Darren Pauli, 08 May 2015

Experian-T-Mobile US hack: 'We trusted them, now that trust is broken'

Analysis The IT security breach that spilt the personal details of an estimated 15 million T-Mobile US phone contract applicants has thrown a new spotlight on the risks of breaches at third-party companies. T-Mobile's own systems weren't compromised. Rather, the source of the leak was Experian, the company that processed the carrier's …
John Leyden, 02 Oct 2015

Trump confirms carders raided Las Vegas hotel sales tills

Trump Hotel Collection has confirmed in a letter to customers that IT security at one of its Las Vegas hotels was breached. News emerged in July of a possible breach at the US chain owned by real estate magnate and Republican candidate Donald Trump. It was suspected at the time based on intelligence from bank fraud sleuths …
Darren Pauli, 29 Sep 2015
hands waving dollar bills in the air

Reconceptualising IT security

Whitepaper Traditional approaches to information security are incapable of dealing with today's threats. Just as the attackers have evolved, so the security industry needs to adopt new architectural models and techniques to deliver appropriate protection without imposing unnecessary costs. In a nutshell this is the thesis of our latest …
Miatta Momoh, 14 Apr 2011
Smartphones running Ubuntu

Ubuntu phone on sale to world+dog ... but will it work on your network?

Customers worldwide are now able to buy smartphones running the mobile version of Ubuntu Linux, even though many won't be able to get full value out of them. In a Tuesday blog post, Ubuntu maker Canonical said that BQ, its Spanish hardware partner, has opened a new online store where customers around the world can order the …
Neil McAllister, 11 Aug 2015

Insurer tells hospitals: You let hackers in, we're not bailing you out

When hackers swiped 32,500 patient records from Cottage Healthcare System, it was sued by its own customers for $4.1m – a bill that was settled by its insurers. Now the insurance company, Columbia Casualty Company, has claimed Cottage's computers were hopelessly insecure, and it wants its money back. Columbia claims the …
Shaun Nichols, 28 May 2015

Hacked US Census Bureau staff to take anti-phishing classes

The US Census Bureau has asked for additional IT security training for its staff – including tips on how not to fall for phishing emails – in the wake of last week's server breach. The bureau said in a blog post over the weekend that the hackers who managed to pull employee records from its computers did so by targeting the …
Shaun Nichols, 28 Jul 2015
Bye bye Olympia

Infosec turns 20 to face battle with BSides, RSAC Unplugged

Infosec 2015 Infosec, the annual IT security trade show, wheeled out the rock stars of the Infosec world for its 20th anniversary this week. Bruce Schneier and John McAfee – the Paul McCartney and Keith Moon of the cybersecurity world – both keynoted as the show return to its original home in Olympia, London following an extended sojourn at …
John Leyden, 04 Jun 2015
bug on keyboard

Aargh! Bamboozled by security licensing - what works for my family?

Readers' corner And so to El Reg Forums and Edwin, a commentard since 2007, who is having a bit of trouble in choosing IT security software for his family. He writes: I'm rapidly losing my mind in the minefield that is security software, particularly when it comes to licensing many devices... The internet has become useless for this sort of …
Drew Cullen, 19 Feb 2014

NATO nations 'will respond to a Cyber attack on one as though it were on all'

NATO is set to agree a new cyber defence policy that would mean any severe cyber attack on a NATO member could be considered tantamount to a traditional military attack and invoke the alliance's collective defence provisions. Article V is the collective defence clause of the NATO treaty by which an attack on one member is …
John Leyden, 03 Sep 2014
GCHQ is following you on Twitter, Faceboo, email...


Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
John Leyden, 01 Oct 2013
Stock ticker board

Sophos looks to raise £65m with IPO

Security software outfit Sophos is to imminently float on the London Stock Exchange, a move it estimates will raise $100m (£65m), the company announced today. The Oxford-based biz is thought to be targeting a valuation of £1bn, according to The Sunday Times (subscription required). Richard Holway, analyst at TechMarketView …
Kat Hall, 03 Jun 2015

Backup upstart Code42 is in a world of Payne

Backup and file sync'n'sharer Code42's cofounder CEO has stepped back to bring in a pro to grow the upstart into the big time. Cofounder Matthew Dornquast is shifting to an undefined role as Joe Payne seats himself behind the chief exec's desk. Payne gets a presidential title as well. His CV must have made the Code42 board and …
Chris Mellor, 17 Jul 2015
New York City's Manhattan skyline

New York side-eyes California's hack attack laws: I'll have what she's having

New York's attorney general is asking the state to set new rules requiring companies to confess when they've been hacked. The Big Apple's AG Eric Schneiderman said that he is going to ask the state to force organizations to disclose the loss of customer user names, passwords and security question answers as part of its …
Shaun Nichols, 15 Jan 2015

Hey kids, who wants to pwn a million BIOSes?

The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns. Xeno Kovah and Corey Kallenberg argue that the poor state of low-level software security is among the easiest ways for hackers to deeply infiltrate organizations. A …
John Leyden, 12 Jun 2015

Britain's FBI wants 'Five Eyes' cosy hookups with infosec outfits

Cloudsec The UK's National Crime Agency – Blighty's equivalent of the FBI – wants its staff to "colocate" with private-sector IT security companies around the world. In other words, investigators and infosec employees placed alongside each other to sniff out cyber-criminals. This will apparently help the agency reach across …