Articles about Security

Cisco gobbles OpenDNS, sorts out cloud security portfolio

Cisco will buy privately held net security firm OpenDNS for $635m in cash, to make good its cloud security portfolio and boost the networking giant's "security everywhere" approach. Announcing the deal today, the leviathan is offering the bundle of cash alongside assumed equity awards, plus retention based incentives for OpenDNS …

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015

Facebook! exfiltrates! Yahoo! security! boss!

Facebook has poached NSA-clashing Yahoo! security man Alex Stamos to head up its infosec operations. The hire means Menlo Park has filled a three-month vacancy left when security boss Joe Sullivan who oversaw a crackdown on Facebook scammers and scum left for Uber. Stamos fittingly announced his migration on his Facebook …
Darren Pauli, 26 Jun 2015

Sophos buys cloudy email security outfit Reflexion Networks

Sophos has acquired cloud-based email security firm Reflexion Networks. Financial terms of the deal, announced on Tuesday, were undisclosed. Reflexion markets archiving, email encryption and business continuity services. Reflexion Total Control blocks spam and viruses before they ever get to the corporate network. Archiving, …
John Leyden, 09 Jun 2015

US dominates net-security patents, China, Canada and Oz on the advance

The US, China, Canada and Australia are the world's major sources of security patents, according to analysis by LexInnova. The company issued a report on Friday looking at the market for security patent licensing. It'll come as no surprise that Cisco is the 800-pound gorilla of the security game with 6,442 patents (followed …

Cisco in single SSH key security stuff-up

A red-faced Cisco has pushed out a patch for a bunch of virtual security appliances that had hard-coded SSH keys. Since the keys are associated with the virty appliances' remote management interface, a successful login would let an attacker waltz through the devices. The Borg has announced that its Web Security Virtual …

Vic Govt security standards to launch next month

The data security boss for the Australian state of Victoria David Watts says more than 2,500 state government agencies will be required to comply with security benchmarks to be released next month. Watts says the Victorian Government Protective Data Security Framework (VPDSF) he and his team developed is slated for release on 1 …
Darren Pauli, 03 Jun 2015

Metasploit maker Rapid7 gobbles web app security testing firm

Metasploit firm Rapid7 has snapped up web and mobile application security testing company NT OBJECTives (NTO). Financial terms of the deal, announced Monday, were undisclosed. Rapid7 has folded NTO’s application security testing product, renamed as Rapid7 AppSpider, into its security data and analytics platform to give customers …
John Leyden, 05 May 2015

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015

Hacking Team havoc shows even 'security experts' suck at security

Analysis: Over the weekend, 400GB of highly sensitive files belonging to Italian malware spyware software house Hacking Team were spread over the internet for everyone to see. The leaked source code and documents look legit, and match what is already known about the secretive firm, which specializes in selling software for monitoring …
Iain Thomson, 06 Jul 2015

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset by the strong …
John Leyden, 27 May 2015

Choc Factory research shows users just don't get security

Antivirus software has copped another beating from security experts, who axed the tool from their list of top five security-enhancing recommendations. The findings are contained in the Google study No one can hack my mind: Comparing Expert and Non-Expert Security Practices which polled 231 security experts, and 294 normal …
Darren Pauli, 24 Jul 2015

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privileged access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Security sleuths, sniff out the stupid from your Oracle DBs

Databases remain a security nightmare, says Datacom TSS hacker David Litchfield, so he's built an application to give admins a hand. The Datacom TSS hacker says the Database Security Scorecard will help inform system administrators of security shortfalls in databases and help bridge the language gap between management and tech …
Darren Pauli, 04 Jun 2015

Atalla the hun(ter) leads HP cloud security invasion

HP has revealed a bunch of security analytics tools and services as part of an infosec portfolio launch. The company reckons the IT industry isn't keeping up with security threats, so it's pushing a focus on “the interactions between users, applications and data”. To that end, there's additions to ArcSight, a new cloud security …

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

Senior execs at NTT Com Security quit, but not with immediate effect

Top brass at NTT Com Security are hot footing it out of the organisation at the end of next month, the company confirmed today. CEO Simon Church, formerly COO at reseller Integralis (which NTT acquired in 2009 to form the backbone of its security ops), and chief beanie Heiner Luntz, have quit. Climbing into the chief exec’s …
Paul Kunert, 23 Jun 2015

Wow, another NSA leak: Network security code appears on GitHub

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines. The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it …
Iain Thomson, 09 Jul 2015

Security world chuckles at Hacking Team’s 'virus torrent' squeals

Controversial spyware maker Hacking Team claims a torrent purporting to contain source code and other documents stolen from its systems is riddled with a "virus" – a claim laughed at by independent security experts in the industry. Some 400GB of Hacking Team's internal emails, source code, and other files were published via …
John Leyden, 06 Jul 2015

Apple gets around to fixing those 77 security holes in OS X Yosemite

Apple has released a series of security updates to address 77 CVE-listed security vulnerabilities in OS X Yosemite. The Yosemite 10.10.4 update includes fixes for QuickTime, OpenSSL and ImageIO, along with remote code execution flaws and other exploits that could allow an attacker to obtain elevated privileges or crash …
Shaun Nichols, 30 Jun 2015

NIST issues 'don't be stupid' security guidelines for contractors

There's no irony here at all: America's National Institute of Standards and Technology (NIST) has finalised its advice to US Federal agencies about how sensitive data should be protected when it's handled by contractors and outsiders. The recommendations, if they'd existed and been followed, might have helped protect Americans …

Stop the war between privacy and security – EU data watchdog

Security and privacy are not mutually exclusive says Europe’s privacy watchdog – and people should stop saying they are. The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, told a Brussels conference he was concerned that “the objective of cyber-security may be misused to justify measures which weaken protection …
Jennifer Baker, 29 Apr 2015

RSA supremo rips 'failed' security industry a new backdoor, warns of 'super-mega hack'

RSA 2015: RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The adversaries …
Darren Pauli, 21 Apr 2015

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes. The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015

Someone at Subway is a serious security nerd

App hacker Randy Westergren has outed the application developer at Sandwich kingpin Subway as a serious security nerd. The hacker set sights on the Subway Android app, which allows users to order and pay for sandwiches from their devices, in a bid to uncover possible vulnerabilities. He instead …
Darren Pauli, 13 Jul 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

Europol and Barclays shack up for steamy security shenanigans

EU law enforcement body Europol and Barclays have signed a Memorandum of Understanding (MoU) to formalise their cooperation in combating cybercrime targeting the financial sector. The agreement establishes a formal means for Europol and Barclays to "exchange strategic information, information on trends, expertise and statistical …

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

Cisco security software needs security patch

Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management …

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Super Stuxnet's SCADA slaves: security is atrocious

Botnet boffin Peter Kleissner says at least 153 computers are still slaves to Stuxnet. Of those, six are tied to supervisory control and data acquisition (SCADA) systems which the malware is designed to exploit to destroy the attached machinery. Kleissner told a presentation at an information security conference in Vienna last …
Darren Pauli, 11 Jun 2015

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

SOHOpeless: Security stains on Honeywell's Tuxedo home automator

Honeywell has issued an urgent firmware update for its three-year-old Tuxedo Touch home automation controller to patch vulnerabilities that could, among other things, let an attacker unlock users' deadlocks. This CERT advisory explains that without the firmware upgrade, all users are vulnerable to authentication bypass and …

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015

ISC2 launches security cert training for cloud-defending cherubs

ISC2 has announced the dates of its training courses for its new cloud security certification, created alongside Cloud Security Alliance (CSA), beginning with exam availability in PearsonVUE testing centres from 21 July. The pitch for the ISC2- and CSA-developed Certified Cloud Security Professional (CCSP) certification …

Oracle grunts, grimaces, pushes out 98-flaw security patch batch

Oracle has patched nearly 100 security flaws in Java, Fusion Middleware, Database, MySQL and other products. For Java SE, the update fixes 14 CVE-listed bugs. All of the flaws are remotely exploitable without authentication to compromise a victim's computer, and three were given risk assessment scores of 10 out of 10. (Psst ... …
Shaun Nichols, 15 Apr 2015

Help! Virgin Media FORGETS to renew its security certificate on contact page

Virgin Media has failed to renew its security certificate on the company's 'Contact us' page of its website. It is currently displaying an "untrusted connection" warning about the help.virginmedia.com url. Customers who attempt to contact the Liberty Global-owned cable firm are greeted with the confusing alert that suggests …
Kelly Fiveash, 15 Mar 2015

We’re in bed together, admit Intel Security, Trend Micro and NCA

The UK's National Crime Agency has enlisted two leading security firms as part of a collaborative intelligence-sharing effort. Intel Security and Trend Micro will be part of the "virtual threat teams" which will provide the police with intelligence on cybercrime threats in the UK and the rest of the world. As both companies …

Security vendor's blog post pinched to make HMRC phish look legit

Netcraft has found that security firm TrustWave inadvertently gave phishers a helping hand. The situation starts in this December 2010 blog post by Gavin Neale of M86 Security Labs, a company since acquired by TrustWave. Until Wednesday, that post included an image of a faked email from UK taxation agency HM Revenue and Customs …
Simon Sharwood, 13 Mar 2015

NCC bags security services outfit Accumuli for £55m

Managed security services outfit Accumuli has been snapped up by rival NCC for a sum of £55m. Both firms reported a strong increase in turnover last year, according to their Companies House filings. Accumuli's revenue rose 18 per cent to £16.6m in 2014. NCC Group recorded revenue of £110.7m, up 12 per cent. Pre-tax profit were …
Kat Hall, 24 Mar 2015

$125m VC war chest awaits NTT Com Security's outgoing boss

The hedge fund that outgoing NTT Com Security overlord Simon Church is joining has $125m to splash on new investments in cyber defence and data services. Church, who provided consultancy for C5 Capital since its inception last year, and was made an advisory board member in April, is to become an "exec in residence" at the equity …
Paul Kunert, 24 Jun 2015

SpaceX’s anti-hacker tech powers UK launch of security startup

Infosec 2015: Technology originally developed to keep Chinese hackers from stealing SpaceX's secrets more than a decade ago has become the centrepiece of a browser isolation security startup. Branden Spikes, the chief exec of Spikes Security, spent 15 years as the technological right hand of Elon Musk at startups including PayPal, Tesla and …
John Leyden, 02 Jun 2015

Ford's 400,000-car recall could be the tip of an auto security iceberg

Ford’s recall of more than 400,000 cars in North America to fix a software bug may be just the first of many for the motor industry as automobiles become increasingly complex, security researchers warn. As previously reported, a total of 433,000 2015 Focus, C-MAX and Escape cars are being recalled to dealerships for a software …
John Leyden, 08 Jul 2015

US Homeland Security boss wants nationwide law for reporting network break-ins

Politicians need to educate themselves about technology and enact new legislation to strengthen America's computer networks against attack, according to the director of US Homeland Security Jeh Johnson. Speaking at a conference organized by the Center for Strategic and International Studies, Johnson said that top of his wish …
Iain Thomson, 09 Jul 2015

How big a problem is Cloud security?

To help readers help each other, we have put together a short, sharp temperature check survey on the topic of cloud security. We're asking a bit about you and your organisation for context and then 5 simple questions that we think nail the key issues and possible solutions. We finish off by getting you to tell us the scariest or …
Dale Vile, 13 Apr 2015

Lenovo system update flaws plugged, security world not impressed

Lenovo faces renewed accusations of lax security practices - just three months after the Superfish debacle - after it was obliged to fix flaws in its software update system. Security researchers at IOActive uncovered a mechanism that would have allowed hackers to create a fake certificate authority in order to sign executables. …
John Leyden, 06 May 2015

NTT Com Security to wed UK cyber specialist Nebulas, say sources

NTT Com Security is to acquire rapidly growing London-based Nebulas Solutions Group, according to well-placed industry tipsters. Talks between the pair progressed in recent weeks though details of any financial exchange were not available at the time of writing. Nebulas is unlikely to come cheap. Sources tell us specialist …
Paul Kunert, 27 Feb 2015

MP resigns as security committee chair amid 'cash-for-access' claims

Former foreign secretary Sir Malcolm Rifkind is stepping down as chair of the UK Parliament’s influential security committee in the wake of "cash for access" allegations. In a statement, Rifkind said he intends to remain a member of the Intelligence and Security Committee but will step down as chairman. The ISC, which oversees …
John Leyden, 24 Feb 2015