Articles about Security

Cisco gobbles OpenDNS, sorts out cloud security portfolio

Cisco will buy privately held net security firm OpenDNS for $635m in cash, to make good its cloud security portfolio and boost the networking giant's "security everywhere" approach. Announcing the deal today, the leviathan is offering the bundle of cash alongside assumed equity awards, plus retention-based incentives for OpenDNS …

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015

Facebook! exfiltrates! Yahoo! security! boss!

Facebook has poached NSA-clashing Yahoo! security man Alex Stamos to head up its infosec operations. The hire means Menlo Park has filled a three-month vacancy left when security boss Joe Sullivan, who oversaw a crackdown on Facebook scammers and scum, left for Uber. Stamos fittingly announced his migration on his Facebook …
Darren Pauli, 26 Jun 2015

Sophos buys cloudy email security outfit Reflexion Networks

Sophos has acquired cloud-based email security firm Reflexion Networks. Financial terms of the deal, announced on Tuesday, were undisclosed. Reflexion markets archiving, email encryption and business continuity services. Reflexion Total Control blocks spam and viruses before they ever get to the corporate network. Archiving, …
John Leyden, 09 Jun 2015

Cisco in single SSH key security stuff-up

A red-faced Cisco has pushed out a patch for a bunch of virtual security appliances that had hard-coded SSH keys. Since the keys are associated with the virty appliances' remote management interface, a successful login would let an attacker waltz through the devices. The Borg has announced that its Web Security Virtual …

Vic Govt security standards to launch next month

The data security boss for the Australian state of Victoria, David Watts, says more than 2,500 state government agencies will be required to comply with security benchmarks to be released next month. Watts says the Victorian Government Protective Data Security Framework (VPDSF) he and his team developed is slated for release on 1 …
Darren Pauli, 03 Jun 2015

Metasploit maker Rapid7 gobbles web app security testing firm

Metasploit firm Rapid7 has snapped up web and mobile application security testing company NT OBJECTives (NTO). Financial terms of the deal, announced Monday, were undisclosed. Rapid7 has folded NTO’s application security testing product, renamed as Rapid7 AppSpider, into its security data and analytics platform to give customers …
John Leyden, 05 May 2015

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset by the strong …
John Leyden, 27 May 2015

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privilege access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Security sleuths, sniff out the stupid from your Oracle DBs

Databases remain a security nightmare, says Datacom TSS hacker David Litchfield, so he's built an application to give admins a hand. The Datacom TSS hacker says the Database Security Scorecard will help inform system administrators of security shortfalls in databases and help bridge the language gap between management and tech …
Darren Pauli, 04 Jun 2015

Atalla the hun(ter) leads HP cloud security invasion

HP has revealed a bunch of security analytics tools and services as part of an infosec portfolio launch. The company reckons the IT industry isn't keeping up with security threats, so it's pushing a focus on “the interactions between users, applications and data”. To that end, there's additions to ArcSight, a new cloud security …

Senior execs at NTT Com Security quit, but not with immediate effect

Top brass at NTT Com Security are hot footing it out of the organisation at the end of next month, the company confirmed today. CEO Simon Church, formerly COO at reseller Integralis (which NTT acquired in 2009 to form the backbone of its security ops), and chief beanie Heiner Luntz, have quit. Climbing into the chief exec’s …
Paul Kunert, 23 Jun 2015

Apple gets around to fixing those 77 security holes in OS X Yosemite

Apple has released a series of security updates to address 77 CVE-listed security vulnerabilities in OS X Yosemite. The Yosemite 10.10.4 update includes fixes for QuickTime, OpenSSL and ImageIO, along with remote code execution flaws and other exploits that could allow an attacker to obtain elevated privileges or crash …
Shaun Nichols, 30 Jun 2015

NIST issues 'don't be stupid' security guidelines for contractors

There's no irony here at all: America's National Institute of Standards and Technology (NIST) has finalised its advice to US Federal agencies about how sensitive data should be protected when it's handled by contractors and outsiders. The recommendations, if they'd existed and been followed, might have helped protect Americans …

Stop the war between privacy and security – EU data watchdog

Security and privacy are not mutually exclusive says Europe’s privacy watchdog – and people should stop saying they are. The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, told a Brussels conference he was concerned that “the objective of cyber-security may be misused to justify measures which weaken protection …
Jennifer Baker, 29 Apr 2015

RSA supremo rips 'failed' security industry a new backdoor, warns of 'super-mega hack'

RSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The adversaries …
Darren Pauli, 21 Apr 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

Europol and Barclays shack up for steamy security shenanigans

EU law enforcement body Europol and Barclays have signed a Memorandum of Understanding (MoU) to formalise their cooperation in combating cybercrime targeting the financial sector. The agreement establishes a formal means for Europol and Barclays to "exchange strategic information, information on trends, expertise and statistical …

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

Cisco security software needs security patch

Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management …

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Super Stuxnet's SCADA slaves: security is atrocious

Botnet boffin Peter Kleissner says at least 153 computers are still slaves to Stuxnet. Of those, six are tied to supervisory control and data acquisition (SCADA) systems which the malware is designed to exploit to destroy the attached machinery. Kleissner told a presentation at an information security conference in Vienna last …
Darren Pauli, 11 Jun 2015

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

ISC2 launches security cert training for cloud-defending cherubs

ISC2 has announced the dates of its training courses for its new cloud security certification, created alongside Cloud Security Alliance (CSA), beginning with exam availability in PearsonVUE testing centres from 21 July. The pitch for the ISC2- and CSA-developed Certified Cloud Security Professional (CCSP) certification …

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015

Oracle grunts, grimaces, pushes out 98-flaw security patch batch

Oracle has patched nearly 100 security flaws in Java, Fusion Middleware, Database, MySQL and other products. For Java SE, the update fixes 14 CVE-listed bugs. All of the flaws are remotely exploitable without authentication to compromise a victim's computer, and three were given risk assessment scores of 10 out of 10. (Psst ... …
Shaun Nichols, 15 Apr 2015

We’re in bed together, admit Intel Security, Trend Micro and NCA

The UK's National Crime Agency has enlisted two leading security firms as part of a collaborative intelligence-sharing effort. Intel Security and Trend Micro will be part of the "virtual threat teams" which will provide the police with intelligence on cybercrime threats in the UK and the rest of the world. As both companies …

Help! Virgin Media FORGETS to renew its security certificate on contact page

Virgin Media has failed to renew its security certificate on the company's 'Contact us' page of its website. It is currently displaying an "untrusted connection" warning about the help.virginmedia.com url. Customers who attempt to contact the Liberty Global-owned cable firm are greeted with the confusing alert that suggests …
Kelly Fiveash, 15 Mar 2015

Security vendor's blog post pinched to make HMRC phish look legit

Netcraft has found that security firm TrustWave inadvertently gave phishers a helping hand. The situation starts in this December 2010 blog post by Gavin Neale of M86 Security Labs, a company since acquired by TrustWave. Until Wednesday, that post included an image of a faked email from UK taxation agency HM Revenue and Customs …
Simon Sharwood, 13 Mar 2015

NCC bags security services outfit Accumuli for £55m

Managed security services outfit Accumuli has been snapped up by rival NCC for a sum of £55m. Both firms reported a strong increase in turnover last year, according to their Companies House filings. Accumuli's revenue rose 18 per cent to £16.6m in 2014. NCC Group recorded revenue of £110.7m, up 12 per cent. Pre-tax profits were …
Kat Hall, 24 Mar 2015

$125m VC war chest awaits NTT Com Security's outgoing boss

The hedge fund that outgoing NTT Com Security overlord Simon Church is joining has $125m to splash on new investments in cyber defence and data services. Church, who provided consultancy for C5 Capital since its inception last year, and was made an advisory board member in April, is to become an "exec in residence" at the equity …
Paul Kunert, 24 Jun 2015

SpaceX’s anti-hacker tech powers UK launch of security startup

Infosec 2015 Technology originally developed to keep Chinese hackers from stealing SpaceX's secrets more than a decade ago has become the centrepiece of a browser isolation security startup. Branden Spikes, the chief exec of Spikes Security, spent 15 years as the technological right hand of Elon Musk at startups including PayPal, Tesla and …
John Leyden, 02 Jun 2015

How big a problem is Cloud security?

To help readers help each other, we have put together a short, sharp temperature check survey on the topic of cloud security. We're asking a bit about you and your organisation for context and then 5 simple questions that we think nail the key issues and possible solutions. We finish off by getting you to tell us the scariest or …
Dale Vile, 13 Apr 2015

Lenovo system update flaws plugged, security world not impressed

Lenovo faces renewed accusations of lax security practices - just three months after the Superfish debacle - after it was obliged to fix flaws in its software update system. Security researchers at IOActive uncovered a mechanism that would have allowed hackers to create a fake certificate authority in order to sign executables. …
John Leyden, 06 May 2015

NTT Com Security to wed UK cyber specialist Nebulas, say sources

NTT Com Security is to acquire rapidly growing London-based Nebulas Solutions Group, according to well-placed industry tipsters. Talks between the pair progressed in recent weeks though details of any financial exchange were not available at the time of writing. Nebulas is unlikely to come cheap. Sources tell us specialist …
Paul Kunert, 27 Feb 2015

MP resigns as security committee chair amid 'cash-for-access' claims

Former foreign secretary Sir Malcolm Rifkind is stepping down as chair of the UK Parliament’s influential security committee in the wake of "cash for access" allegations. In a statement, Rifkind said he intends to remain a member of the Intelligence and Security Committee but will step down as chairman. The ISC, which oversees …
John Leyden, 24 Feb 2015

Stateside security screeners sacked for squeezing 'sexy' sacks

Two security strokers screeners at Denver airport got the boot after investigators were tipped off about gratuitous groin groping of certain male travellers, a police report reveals. The Office of Inspection of the Transportation Security Administration (TSA) were informed of the pair’s pervy prowess and did a little probing of …
Paul Kunert, 16 Apr 2015

Undetectable NSA-linked hybrid malware hits Intel Security radar

CTB Locker ransomware attacks rose 165 per cent in the first three months of 2015. More than a third (35 per cent) of victims were based in Europe, McAfee Labs reported. CTB Locker encrypts files and holds them hostage until the ransom is paid. As such, the crimeware is picking up the baton that dropped with the takedown of the …
John Leyden, 09 Jun 2015

Trustwave's off to Singapore as Singtel slurps security company

Singapore's dominant telco and aspiring services player, Singtel, has acquired Trustwave for about US$810m. Trustwave offers managed security services and the SpiderLabs ethical hacking research outfit, plus a range of network, content and endpoint security products. The company operates in 26 nations and has 1,200 people on the …
Simon Sharwood, 08 Apr 2015

Adobe to hire security auditor to prevent repeat of password SNAFU

Australia's privacy commissioner says basic mistakes at Adobe allowed hackers to ransack its customer database in 2013, and reveals that the company plans to appoint auditors to make sure it won't experience a repeat of the breach. Timothy Pilgrim, holder of the privacy commissioner's office, yesterday released a report [PDF] on …
Simon Sharwood, 09 Jun 2015

Cisco pitches security for SMEs

Small and/or medium businesses and branch offices rejoice: Cisco has joined the ranks of vendors deciding you warrant security you can afford. As incidents like the Target “hack” demonstrated, a small contractor can easily provide a path into an enterprise network, so one of the key chunks of The Borg's latest announcement is to …

In charge of security? We need to talk...

CIO Manifesto If you head up security for your organisation, you probably feel like you’re caught between know-it all techies, ignorant directors and unbending compliance regulations. So do most of your peers, and that’s why we want to bring you together to discuss the reality of running IT securely in 2015 at our May 20 roundtable. The …
Team Register, 06 May 2015

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Australia to conduct national cyber-security review

Australia will conduct a national “cyber-security review”. Speaking today at the launch of the new Australian Cyber Security Centre in Canberra today, prime minister Tony Abbott put network security on par with physical security, said it is a guarantor of economic security and added “it is so important we keep one step ahead of …
Simon Sharwood, 27 Nov 2014

Fancy six months of security nirvana for free? Read on...

Promo If you’re one of the 33 per cent of folks who don’t use antivirus protection, we’ve got an offer for you. In fact, even if you’re one of the other two thirds, you’re still going to want to sit up and pay attention. What are we talking about? The chance to ring-up a free subscription to Bitdefender’s Internet Security 2015, which …
Team Register, 13 Apr 2015

Feds investigate Homeland Security background checker security breach

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach. The security snafu at USIS reportedly led to the theft of some DHS employees’ personal information. The recently discovered breach prompted DHS to suspend all work with USIS, pending the …
John Leyden, 05 Nov 2014

Mozilla signing vetted add-ons as thoughts turn to security

Mozilla developer Jorge Villalobos claims the web king has begun signing vetted add-ons in a bid to improve security. The move means Mozilla-signed add-ons hosted on its servers will be maintained through automatic updates, while those lacking the signature of approval will be jettisoned into the internet ether. Villalobos says …
Darren Pauli, 29 May 2015

Canuck Bitcoin exchange gives up after security SNAFU

Canadian Bitcoin exchange Cavirtex, said to be the country's largest, will shut its doors after its two factor authentication credentials were probably compromised. The breach, spotted last Sunday, affected two factor secrets and hashed passwords stored in an older database and did not match log in details to identification …
Darren Pauli, 19 Feb 2015