Articles about Security

Xen project hypervisor logo

New Xen bug uses security feature to destroy security

Xen has revealed details of bug CVE-2015-6654, which it warned about a couple of weeks back. The good news is that this one is rather less nasty than the string of guest/host escapes it's reported lately thanks largely to leaks in QEMU. Another nice piece of news is that this time around the problem's also only on ARM- …
Simon Sharwood, 01 Sep 2015

Cisco gobbles OpenDNS, sorts out cloud security portfolio

Cisco will buy privately held net security firm OpenDNS for $635m in cash, to make good its cloud security portfolio and boost the networking giant's "security everywhere" approach. Announcing the deal today, the leviathan is offering the bundle of cash alongside assumed equity awards, plus retention based incentives for OpenDNS …

Former USAF chief lands HP Security tour in Oz

Promo HP will be deploying its security big guns over Australia next month, in the shape of its upcoming Security Innovation Tour featuring former US Air Force head of Cyber Security Earl Matthews. The half day events in Sydney and Melbourne will give you an overview of the current threat landscape, and help you harden your systems …
David Gordon, 19 Aug 2015

Intel Security hires ex-Cisco and Avaya man to run global channels

Intel Security - the company formerly known as McAfee - has hired ex-Avaya global channel overlord Richard Steranka to run the rule over its worldwide partner network. The exec will take control of the security firm’s disties, resellers, managed service providers, alliances and embedded OEM chums - and will have his work cut …
Paul Kunert, 24 Aug 2015

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015
Department of Homeland Security

Brit-educated bloke takes Dept of Homeland Security's infosec reins

The US Department of Homeland Security (DHS) has appointed Andy Ozment, currently the Assistant Secretary of the Office of Cybersecurity and Communications – the DHS's main processing center for threat information sharing – as leader of its cybersecurity centre. Ozment will remain in his current assistant role, while assuming …
Lock security

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015
Internet of Things book cover

Strong ARM scoops up Sansa to boost IoT security

Chipmaker ARM has sealed a deal to buy Israeli Internet of Things (IoT) security specialist Sansa Security. Financial terms of the deal, announced Thursday, were not officially disclosed. However, the WSJ previously reported that around $75m-$85m was on the table. ARM makes the chips that power the majority of the world’s …
John Leyden, 30 Jul 2015
£10 notes. Pic: Howard Lake

Show us your security chops with the Cyber 10K challenge

Competition NCC Group has devised a lovely cyber security competition, Cyber 10K, which sees the winning contestant receive £10,000 and expert advice from the company to develop their own security solution.Enter and find out more here. We like the Cyber 10K concept so much that El Reg’s very own John Leyden, who has covered the IT …
David Gordon, 20 Aug 2015

Facebook! exfiltrates! Yahoo! security! boss!

Facebook has poached NSA-clashing Yahoo! security man Alex Stamos to head up its infosec operations. The hire means Menlo Park has filled a three-month vacancy left when security boss Joe Sullivan who oversaw a crackdown on Facebook scammers and scum left for Uber. Stamos fittingly announced his migration on his Facebook …
Darren Pauli, 26 Jun 2015
Cloudy sky

Sophos buys cloudy email security outfit Reflexion Networks

Sophos has acquired cloud-based email security firm Reflexion Networks. Financial terms of the deal, announced on Tuesday, were undisclosed. Reflexion markets archiving, email encryption and business continuity services. Reflexion Total Control blocks spam and viruses before they ever get to the corporate network. Archiving, …
John Leyden, 09 Jun 2015
padlock

US dominates net-security patents, China, Canada and Oz on the advance

The US, China, Canada and Australia are the world's major sources of security patents, according to analysis by LexInnova. The company issued a report on Friday looking at the market for security patent licensing. It'll come as no surprise that Cisco is the 800-pound gorilla of the security game with 6,442 patents (followed …
Cisco security puff from its website

Cisco in single SSH key security stuff-up

A red-faced Cisco has pushed out a patch for a bunch of virtual security appliances that had hard-coded SSH keys. Since the keys are associated with the virty appliances' remote management interface, a successful login would let an attacker waltz through the devices. The Borg has announced that its Web Security Virtual …

Vic Govt security standards to launch next month

The data security boss for the Australian state of Victoria David Watts says more than 2,500 state government agencies will be required to comply with security benchmarks to be released next month. Watts says the Victorian Government Protective Data Security Framework (VPDSF) he and his team developed is slated for release on 1 …
Darren Pauli, 03 Jun 2015

Metasploit maker Rapid7 gobbles web app security testing firm

Metasploit firm Rapid7 has snapped up web and mobile application security testing company NT OBJECTives (NTO). Financial terms of the deal, announced Monday, were undisclosed. Rapid7 has folded NTO’s application security testing product, renamed as Rapid7 AppSpider, into its security data and analytics platform to give customers …
John Leyden, 05 May 2015
Freescale Internet of Things overview

Intel, NSF tip dollars into IoT security

America's National Science Foundation has noticed the dodgy security surrounding the Internet of Things, and has splashed US$6 million in two grants to improve, umm, things. The grants to examine “cyber-physical systems” (CPS), awarded in partnership with Intel, have gone to the University of Pennsylvania's Insup Lee to work …
Padlocks by Simon Cocks Flickr CC2 license

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015
spies_648

Rackspace cooking up security-secret-sharing cloud cabal

Rackspace is leading an effort to create a new group of top-tier cloud companies that it hopes will share information about security in close to real time. Rackspace chief security officer Brian Kelly today told The Reg at a Sydney event that he feels cloud companies have to take a lead to address security challenges. …
Simon Sharwood, 30 Jul 2015
British Transport Police cop. Pic: Gordon Joly

Security fears arise over body-worn plodcam footage

Fears have been raised over the security of information from the new police bodycam recordings held in the public cloud by US company Taser. Many police forces are increasingly opting for body-worn video as a way to increase transparency and evidence gathering. The Metropolitan Police had been trialling 1,000 Taser cameras. It …
Kat Hall, 21 Aug 2015

Hacking Team havoc shows even 'security experts' suck at security

Analysis Over the weekend, 400GB of highly sensitive files belonging to Italian malware spyware software house Hacking Team were spread over the internet for everyone to see. The leaked source code and documents look legit, and match what is already known about the secretive firm, which specializes in selling software for monitoring …
Iain Thomson, 06 Jul 2015

Flash deserves to live, says Cisco security man

Don't kill Flash; that's the message from Cisco security veteran John Stewart who says the Adobe team have put in the hard yards into reforming security and needs to weather the current bug storm. The advice follows a call for the ravaged runtime to be expunged from the digital world by former Yahoo-cum-Facebook security man …
Darren Pauli, 31 Jul 2015
De Vaartkapoen. Pic: Bianca Bueno

Security software's a booming market. Why is Symantec stumbling?

Worldwide security software revenue totalled $21.4bn in 2014, a 5.3 per cent increase from 2013's revenue of $20.3bn, according to the serious bean counters at Gartner. A decline in consumer security software and endpoint protection — areas that together account for 39 per cent of the market — was more than offset the strong …
John Leyden, 27 May 2015

Choc Factory research shows users just don't get security

Antivirus software has copped another beating from security experts, who axed the tool from their list of top five security-enhancing recommendations. The findings are contained in the Google study No one can hack my mind: Comparing Expert and Non-Expert Security Practices which polled 231 security experts, and 294 normal …
Darren Pauli, 24 Jul 2015

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privilege access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Security sleuths, sniff out the stupid from your Oracle DBs

Databases remain a security nightmare, says Datacom TSS hacker David Litchfield, so he's built an application to give admins a hand. The Datacom TSS hacker says the Database Security Scorecard will help inform system administrators of security shortfalls in databases and help bridge the language gap between management and tech …
Darren Pauli, 04 Jun 2015

Work has started on VMware's secret security disruptor

Late in 2014, VMware's network virtualisation guru Martin Casado suggested that his next move after getting network virtualisation up and running as a business might be to try a new approach to enterprise security. Casado, who is credited with inventing OpenFlow and led Nicira, the company that morphed into VMware's NSX …
Simon Sharwood, 03 Sep 2015
sea_hp_sink

Atalla the hun(ter) leads HP cloud security invasion

HP has revealed a bunch of security analytics tools and services as part of an infosec portfolio launch. The company reckons the IT industry isn't keeping up with security threats, so it's pushing a focus on “the interactions between users, applications and data”. To that end, there's additions to ArcSight, a new cloud security …

Row rumbles on over figures in Oracle CSO’s anti-security rant

Security researchers picking through the entrails of a withdrawn blogpost by Oracle CSO Mary Ann Davidson reckon not even her figures add up. Oracle countered that only it had access to the raw figures, so there. Davidson's 3,000+ word diatribe against bug bounties, security researchers or customers hunting vulnerabilities in …
John Leyden, 18 Aug 2015

New US cyber laws will hit privacy and security, says Homeland Security

The US Department of Homeland Security is hardly what you'd think of as a bunch of whining lefties, but even this agency has come out against the proposed Cybersecurity Information Sharing Act. In a letter [PDF] to Senator Al Franken (D-MN), Alejandro Mayorkas, the deputy secretary of the DHS, said that the proposed American …
Iain Thomson, 04 Aug 2015

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for the Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

Collective noun search for security vulns moves into beta testing

The recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, is required. In its early days the infosec industry borrowed heavily from the lexicon of biology to talk about problems affecting systems: viruses, worms, bugs etc. …
John Leyden, 21 Aug 2015

Senior execs at NTT Com Security quit, but not with immediate effect

Top brass at NTT Com Security are hot footing it out of the organisation at the end of next month, the company confirmed today. CEO Simon Church, formerly COO at reseller Integralis (which NTT acquired in 2009 to form the backbone of its security ops), and chief beanie Heiner Luntz, have quit. Climbing into the chief exec’s …
Paul Kunert, 23 Jun 2015
Sign outside the National Security Agency HQ

Wow, another NSA leak: Network security code appears on GitHub

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines. The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it …
Iain Thomson, 09 Jul 2015

Security world chuckles at Hacking Team’s 'virus torrent' squeals

Controversial spyware maker Hacking Team claims a torrent purporting to contain source code and other documents stolen from its systems is riddled with a "virus" – a claim laughed at by independent security experts in the industry. Some 400GB of Hacking Team's internal emails, source code, and other files were published via …
John Leyden, 06 Jul 2015
Rotten Apple

Apple gets around to fixing those 77 security holes in OS X Yosemite

Apple has released a series of security updates to address 77 CVE-listed security vulnerabilities in OS X Yosemite. The Yosemite 10.10.4 update includes fixes for QuickTime, OpenSSL and ImageIO, along with remote code execution flaws and other exploits that could allow an attacker to obtain elevated privileges or crash …
Shaun Nichols, 30 Jun 2015
GHOST vulnerability

Drum roll, please .... Results are in for the collective noun for security vulns

We've closed the poll, and the results for our attempts to weed out candidates for a collective noun for security vulnerabilities are in. To recap: the recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, was required. We …
John Leyden, 28 Aug 2015
Dunce

NIST issues 'don't be stupid' security guidelines for contractors

There's no irony here at all: America's National Institute of Standards and Technology (NIST) has finalised its advice to US Federal agencies about how sensitive data should be protected when it's handled by contractors and outsiders. The recommendations, if they'd existed and been followed, might have helped protect Americans …

Stop the war between privacy and security – EU data watchdog

Security and privacy are not mutually exclusive says Europe’s privacy watchdog – and people should stop saying they are. The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, told a Brussels conference he was concerned that “the objective of cyber-security may be misused to justify measures which weaken protection …
Jennifer Baker, 29 Apr 2015

RSA supremo rips 'failed' security industry a new backdoor, warns of 'super-mega hack'

RSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The adversaries …
Darren Pauli, 21 Apr 2015

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

Someone at Subway is a serious security nerd

XDA comments screen shot App hacker Randy Westergren has outed the application developer at Sandwich kingpin Subway as a serious security nerd. The hacker set sights on the Subway Android app, which allows uses to order and pay for sandwiches from their devices, in a bid to uncover possible vulnerabilities. He instead …
Darren Pauli, 13 Jul 2015
VR

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015
Policeman claps in London street

Europol and Barclays shack up for steamy security shenanigans

EU law enforcement body Europol and Barclays have signed a Memorandum of Understanding (MoU) to formalise their cooperation in combating cybercrime targeting the financial sector. The agreement establishes a formal means for Europol and Barclays to "exchange strategic information, information on trends, expertise and statistical …
man_from_uncle_648

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015

US to rethink hacker tool export rules after mass freakout in security land

Proposed changes to the US government's export controls on hacking tools will likely be scaled back following widespread criticism from the infosec community, a government spokesman has said. "A second iteration of this regulation will be promulgated," a spokesman for the US Department of Commerce told Reuters, "and you can …
Neil McAllister, 30 Jul 2015
padlock

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

HP's TippingPoint security bods on the block, suits shuffled to make way for 3D printers

HP is apparently hoping to sell off its TippingPoint security branch – and has reshuffled execs at the top of its printer and PCs biz – as the looming corporate breakup closes in. Tipping point for TippingPoint Reuters reported on Wednesday that Hewlett-Packard bosses are in talks with a handful of private equity firms that …
Shaun Nichols, 02 Sep 2015

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Cisco security software needs security patch

Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management …