Articles about Security

Cisco gobbles OpenDNS, sorts out cloud security portfolio

Cisco will buy privately held net security firm OpenDNS for $635m in cash, to make good its cloud security portfolio and boost the networking giant's "security everywhere" approach. Announcing the deal today, the leviathan is offering the bundle of cash alongside assumed equity awards, plus retention based incentives for OpenDNS …

Former USAF chief lands HP Security tour in Oz

Promo HP will be deploying its security big guns over Australia next month, in the shape of its upcoming Security Innovation Tour featuring former US Air Force head of Cyber Security Earl Matthews. The half day events in Sydney and Melbourne will give you an overview of the current threat landscape, and help you harden your systems …
David Gordon, 19 Aug 2015

Intel Security hires ex-Cisco and Avaya man to run global channels

Intel Security - the company formerly known as McAfee - has hired ex-Avaya global channel overlord Richard Steranka to run the rule over its worldwide partner network. The exec will take control of the security firm’s disties, resellers, managed service providers, alliances and embedded OEM chums - and will have his work cut …
Paul Kunert, 24 Aug 2015

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015
Department of Homeland Security

Brit-educated bloke takes Dept of Homeland Security's infosec reins

The US Department of Homeland Security (DHS) has appointed Andy Ozment, currently the Assistant Secretary of the Office of Cybersecurity and Communications – the DHS's main processing center for threat information sharing – as leader of its cybersecurity centre. Ozment will remain in his current assistant role, while assuming …
Lock security

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015
Internet of Things book cover

Strong ARM scoops up Sansa to boost IoT security

Chipmaker ARM has sealed a deal to buy Israeli Internet of Things (IoT) security specialist Sansa Security. Financial terms of the deal, announced Thursday, were not officially disclosed. However, the WSJ previously reported that around $75m-$85m was on the table. ARM makes the chips that power the majority of the world’s …
John Leyden, 30 Jul 2015
£10 notes. Pic: Howard Lake

Show us your security chops with the Cyber 10K challenge

Competition NCC Group has devised a lovely cyber security competition, Cyber 10K, which sees the winning contestant receive £10,000 and expert advice from the company to develop their own security solution.Enter and find out more here. We like the Cyber 10K concept so much that El Reg’s very own John Leyden, who has covered the IT …
David Gordon, 20 Aug 2015

Facebook! exfiltrates! Yahoo! security! boss!

Facebook has poached NSA-clashing Yahoo! security man Alex Stamos to head up its infosec operations. The hire means Menlo Park has filled a three-month vacancy left when security boss Joe Sullivan who oversaw a crackdown on Facebook scammers and scum left for Uber. Stamos fittingly announced his migration on his Facebook …
Darren Pauli, 26 Jun 2015
Cloudy sky

Sophos buys cloudy email security outfit Reflexion Networks

Sophos has acquired cloud-based email security firm Reflexion Networks. Financial terms of the deal, announced on Tuesday, were undisclosed. Reflexion markets archiving, email encryption and business continuity services. Reflexion Total Control blocks spam and viruses before they ever get to the corporate network. Archiving, …
John Leyden, 09 Jun 2015
padlock

US dominates net-security patents, China, Canada and Oz on the advance

The US, China, Canada and Australia are the world's major sources of security patents, according to analysis by LexInnova. The company issued a report on Friday looking at the market for security patent licensing. It'll come as no surprise that Cisco is the 800-pound gorilla of the security game with 6,442 patents (followed …
Cisco security puff from its website

Cisco in single SSH key security stuff-up

A red-faced Cisco has pushed out a patch for a bunch of virtual security appliances that had hard-coded SSH keys. Since the keys are associated with the virty appliances' remote management interface, a successful login would let an attacker waltz through the devices. The Borg has announced that its Web Security Virtual …

Vic Govt security standards to launch next month

The data security boss for the Australian state of Victoria David Watts says more than 2,500 state government agencies will be required to comply with security benchmarks to be released next month. Watts says the Victorian Government Protective Data Security Framework (VPDSF) he and his team developed is slated for release on 1 …
Darren Pauli, 03 Jun 2015

Metasploit maker Rapid7 gobbles web app security testing firm

Metasploit firm Rapid7 has snapped up web and mobile application security testing company NT OBJECTives (NTO). Financial terms of the deal, announced Monday, were undisclosed. Rapid7 has folded NTO’s application security testing product, renamed as Rapid7 AppSpider, into its security data and analytics platform to give customers …
John Leyden, 05 May 2015
Padlocks by Simon Cocks Flickr CC2 license

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015
spies_648

Rackspace cooking up security-secret-sharing cloud cabal

Rackspace is leading an effort to create a new group of top-tier cloud companies that it hopes will share information about security in close to real time. Rackspace chief security officer Brian Kelly today told The Reg at a Sydney event that he feels cloud companies have to take a lead to address security challenges. …
Simon Sharwood, 30 Jul 2015
British Transport Police cop. Pic: Gordon Joly

Security fears arise over body-worn plodcam footage

Fears have been raised over the security of information from the new police bodycam recordings held in the public cloud by US company Taser. Many police forces are increasingly opting for body-worn video as a way to increase transparency and evidence gathering. The Metropolitan Police had been trialling 1,000 Taser cameras. It …
Kat Hall, 21 Aug 2015

Hacking Team havoc shows even 'security experts' suck at security

Analysis Over the weekend, 400GB of highly sensitive files belonging to Italian malware spyware software house Hacking Team were spread over the internet for everyone to see. The leaked source code and documents look legit, and match what is already known about the secretive firm, which specializes in selling software for monitoring …
Iain Thomson, 06 Jul 2015

Flash deserves to live, says Cisco security man

Don't kill Flash; that's the message from Cisco security veteran John Stewart who says the Adobe team have put in the hard yards into reforming security and needs to weather the current bug storm. The advice follows a call for the ravaged runtime to be expunged from the digital world by former Yahoo-cum-Facebook security man …
Darren Pauli, 31 Jul 2015
De Vaartkapoen. Pic: Bianca Bueno

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset the strong …
John Leyden, 27 May 2015

Choc Factory research shows users just don't get security

Antivirus software has copped another beating from security experts, who axed the tool from their list of top five security-enhancing recommendations. The findings are contained in the Google study No one can hack my mind: Comparing Expert and Non-Expert Security Practices which polled 231 security experts, and 294 normal …
Darren Pauli, 24 Jul 2015

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privilege access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Security sleuths, sniff out the stupid from your Oracle DBs

Databases remain a security nightmare, says Datacom TSS hacker David Litchfield, so he's built an application to give admins a hand. The Datacom TSS hacker says the Database Security Scorecard will help inform system administrators of security shortfalls in databases and help bridge the language gap between management and tech …
Darren Pauli, 04 Jun 2015
sea_hp_sink

Atalla the hun(ter) leads HP cloud security invasion

HP has revealed a bunch of security analytics tools and services as part of an infosec portfolio launch. The company reckons the IT industry isn't keeping up with security threats, so it's pushing a focus on “the interactions between users, applications and data”. To that end, there's additions to ArcSight, a new cloud security …

Row rumbles on over figures in Oracle CSO’s anti-security rant

Security researchers picking through the entrails of a withdrawn blogpost by Oracle CSO Mary Ann Davidson reckon not even her figures add up. Oracle countered that only it had access to the raw figures, so there. Davidson's 3,000+ word diatribe against bug bounties, security researchers or customers hunting vulnerabilities in …
John Leyden, 18 Aug 2015

New US cyber laws will hit privacy and security, says Homeland Security

The US Department of Homeland Security is hardly what you'd think of as a bunch of whining lefties, but even this agency has come out against the proposed Cybersecurity Information Sharing Act. In a letter [PDF] to Senator Al Franken (D-MN), Alejandro Mayorkas, the deputy secretary of the DHS, said that the proposed American …
Iain Thomson, 04 Aug 2015

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for the Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

Collective noun search for security vulns moves into beta testing

The recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, is required. In its early days the infosec industry borrowed heavily from the lexicon of biology to talk about problems affecting systems: viruses, worms, bugs etc. …
John Leyden, 21 Aug 2015

Senior execs at NTT Com Security quit, but not with immediate effect

Top brass at NTT Com Security are hot footing it out of the organisation at the end of next month, the company confirmed today. CEO Simon Church, formerly COO at reseller Integralis (which NTT acquired in 2009 to form the backbone of its security ops), and chief beanie Heiner Luntz, have quit. Climbing into the chief exec’s …
Paul Kunert, 23 Jun 2015
Sign outside the National Security Agency HQ

Wow, another NSA leak: Network security code appears on GitHub

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines. The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it …
Iain Thomson, 09 Jul 2015

Security world chuckles at Hacking Team’s 'virus torrent' squeals

Controversial spyware maker Hacking Team claims a torrent purporting to contain source code and other documents stolen from its systems is riddled with a "virus" – a claim laughed at by independent security experts in the industry. Some 400GB of Hacking Team's internal emails, source code, and other files were published via …
John Leyden, 06 Jul 2015
Rotten Apple

Apple gets around to fixing those 77 security holes in OS X Yosemite

Apple has released a series of security updates to address 77 CVE-listed security vulnerabilities in OS X Yosemite. The Yosemite 10.10.4 update includes fixes for QuickTime, OpenSSL and ImageIO, along with remote code execution flaws and other exploits that could allow an attacker to obtain elevated privileges or crash …
Shaun Nichols, 30 Jun 2015
GHOST vulnerability

Drum roll, please .... Results are in for the collective noun for security vulns

We've closed the poll, and the results for our attempts to weed out candidates for a collective noun for security vulnerabilities are in. To recap: the recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, was required. We …
John Leyden, 28 Aug 2015
Dunce

NIST issues 'don't be stupid' security guidelines for contractors

There's no irony here at all: America's National Institute of Standards and Technology (NIST) has finalised its advice to US Federal agencies about how sensitive data should be protected when it's handled by contractors and outsiders. The recommendations, if they'd existed and been followed, might have helped protect Americans …

Stop the war between privacy and security – EU data watchdog

Security and privacy are not mutually exclusive says Europe’s privacy watchdog – and people should stop saying they are. The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, told a Brussels conference he was concerned that “the objective of cyber-security may be misused to justify measures which weaken protection …
Jennifer Baker, 29 Apr 2015

RSA supremo rips 'failed' security industry a new backdoor, warns of 'super-mega hack'

RSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The adversaries …
Darren Pauli, 21 Apr 2015

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

Someone at Subway is a serious security nerd

XDA comments screen shot App hacker Randy Westergren has outed the application developer at Sandwich kingpin Subway as a serious security nerd. The hacker set sights on the Subway Android app, which allows uses to order and pay for sandwiches from their devices, in a bid to uncover possible vulnerabilities. He instead …
Darren Pauli, 13 Jul 2015
Policeman claps in London street

Europol and Barclays shack up for steamy security shenanigans

EU law enforcement body Europol and Barclays have signed a Memorandum of Understanding (MoU) to formalise their cooperation in combating cybercrime targeting the financial sector. The agreement establishes a formal means for Europol and Barclays to "exchange strategic information, information on trends, expertise and statistical …
man_from_uncle_648

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015

US to rethink hacker tool export rules after mass freakout in security land

Proposed changes to the US government's export controls on hacking tools will likely be scaled back following widespread criticism from the infosec community, a government spokesman has said. "A second iteration of this regulation will be promulgated," a spokesman for the US Department of Commerce told Reuters, "and you can …
Neil McAllister, 30 Jul 2015
padlock

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

Cisco security software needs security patch

Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management …

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015
Small screen multitasking

Yet another Android app security bug: This time 'everything is affected'

Yet another potentially serious security flaw has been revealed in Android. This time the problem involves the mobile operating system's ability to run more than one app at once – as opposed to its handling of multimedia messages, which was the crux of a cyber* of vulnerabilities last month. The latest security blunder opens …
John Leyden, 20 Aug 2015
Brute force

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

Super Stuxnet's SCADA slaves: security is atrocious

Botnet boffin Peter Kleissner says at least 153 computers are still slaves to Stuxnet. Of those, six are tied to supervisory control and data acquisition (SCADA) systems which the malware is designed to exploit to destroy the attached machinery. Kleissner told a presentation at an information security conference in Vienna last …
Darren Pauli, 11 Jun 2015
Lock security

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015
Android hanging

Another day, another stunning security flaw in Android – this time hitting 55% of mobes

Video Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands. A privilege escalation hole allows normal apps to gain superpowers to snoop on a device's owner, smuggle in malware, and wreak other havoc. Youtube Video The vulnerability, CVE-2015-3825, affects about 55 …
Iain Thomson, 10 Aug 2015