Articles about Security

Kaspersky's Security for Virtualization pushed to XenServer and HyperV

Kaspersky is extending its Security for Virtualization Light Agent security tool to the Citrix XenServer and Microsoft HyperV platforms. The company said that the Light Agent tool will launch on April 22 with XenServer and HyperV support as well as new options for VMware's vSphere hypervisor. The company will continue to …
Shaun Nichols, 15 Apr 2014

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Cisco kicks off $300k Internet of Things security competition

Cisco has announced prizes of up to $US75,000 to get help finding ways to secure the burgeoning Internet of Things. Anyone who watches the procession of SCADA vulnerabilities, the exposures discoverable through the Shodan search engine, or the recent bugs popping up in cars, routers, home automation and (maybe) smart appliances …

Google slurps sound-powered security upstart SlickLogin

Google has bought five-month-old security startup SlickLogin, which specialises in sound-based authentication technology. Financial terms of the deal were kept secret. The Israel-based company, which was founded by three ex-Israeli-military security bods in 2013, announced that it had been scooped up by Google in a statement on …
Kelly Fiveash, 17 Feb 2014

Red Hat plans unified security management for Fedora 21

Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release. In this wiki post, the Fedora Project outlines what it calls “system-wide crypto policy”. The idea is that Fedora would provide consistent security for all applications running …

Pakistan mulls cyber security bill to keep NSA at bay

Pakistan’s Upper House this week began debating a new bill seeking to establish a National Cyber Security Council, an agency the nation feels is needed in the wake of Edward Snowden's myriad revelations about NSA surveillance. The Cyber Security Council Bill 2014 was presented by Senator Mushahid Hussain Sayed on Monday with the …
Phil Muncaster, 15 Apr 2014

Dimwit hackers use security camera DVRs as SUPER-SLOW Bitcoin-mining rig

Miscreants are using hacked digital video recorders in a somewhat misguided attempt to mine cryptocurrency BitCoins. Hackers have created custom code to infect devices normally used for recording footage from security cameras. After getting in, likely by taking advantage of weak default passwords, a common security mistake with …
John Leyden, 02 Apr 2014

Researcher lights fire under Tesla security

A security researcher is calling on Tesla to introduce two-factor authentication for access to the combination of services that make its Tesla S model one of the most “Internet of Things” vehicles in the world today. As noted by Threatpost, researcher Nitesh Dhanjani has found that the combination of a mere six-character …

US government green-lights data swapping for security firms

Security firms looking to share research data with their peers need not fear the US Federal Trade Commission or Department of Justice any more. The FTC and DOJ issued a joint policy statement on Thursday assuring the security community that they will not pursue antitrust cases against companies that share their security …
Shaun Nichols, 10 Apr 2014

Security vet Rafferty rocks up at Clearswift with bold plan

Security industry vet Ciaran Rafferty has been tapped up by Brit content and email traffic filtering firm Clearswift to run global sales. Billed by the firm as an industry rainmaker - someone that can conjure clients and cash - Rafferty has bags of channel experience gained in numerous previous roles. According to the man he'll …
Paul Kunert, 11 Mar 2014

Facebook flashes its One Tool To Rule Them All in security threat analysis

Facebook has bragged about a new internal tool that combines all sorts of live data on internet security threats – such as any new malware doing the rounds and known dodgy URLs. The social network's engineers said the utility, imaginatively dubbed ThreatData, collects software nasties shared by researchers and also throws in …
Iain Thomson, 26 Mar 2014

Palo Alto Networks snaps up NSA-trained security company

Government-trained security company Morta Security has been snapped up by Palo Alto Networks for an undisclosed sum. The acquisition was announced on Monday and arms Palo Alto Networks with a company whose staff hail from the National Security Agency, US Army, US Air Force, and others. "The Morta team brings additional valuable …
Jack Clark, 07 Jan 2014

iOS 7's weak random number generator stuns kernel security – claim

In an effort to improve iDevice security, Apple replaced its internal random number generator between iOS 6 and iOS 7 – but a security researcher believes Cupertino inadvertently downgraded security. The issue is outlined here by Azimuth Security, whose Tarjei Mandt also detailed the issue at last week's CanSecWest conference in …

Eugene Kaspersky: Ukraine conflict hurts enterprise security

As governments around the world continue to wrangle for a peaceful solution to the political tensions in the Ukraine, cybercriminals could catch governments off guard with online attacks, warns Kaspersky Lab CEO Eugene Kaspersky. Speaking at a summit in San Francisco, the Kaspersky Lab cofounder and namesake expressed concern …
Shaun Nichols, 16 Apr 2014

GNU security library GnuTLS fails on cert checks: Patch now

The notion that open source software is more likely to be secure because anyone can look at the source code looks just a little less sound today, after a serious bug was discovered in the key GnuTLS security library, impacting hundreds of applications that use it. According to this Red Hat advisory: “It was discovered that …

Capita IT Services slurps up small security biz

Crapita Capita IT Services confirmed today it has hoovered up security reseller minnow Network Technology Solutions for an undisclosed sum. This is the first bite-size deal of the year for CITS but given its historic addiction to acquisition will unlikely be its last. London-based NTS (UK) majors on intrusion detection and …
Paul Kunert, 21 Mar 2014

Does virtualisation hamper security in your organisation?

What’s not to like about server virtualisation? You can consolidate infrastructure to save money, stand up new servers quickly and without scrabbling for hardware budget, and generally improve the flexibility of your IT environment. Past reader research studies, however, have highlighted some of the less desirable side effects …
David Gordon, 09 Nov 2013

Microsoft hardens EMET security tool: OK, it's not invulnerable, but it's free

Microsoft has beefed up its Enhanced Mitigation Experience Toolkit (EMET), adding features designed to block more exploits. The release of the technical review (beta) version of the tool, EMET 5.0, follows the discovery of new attacks against earlier versions of the technology. EMET 5.0 beta comes with a feature called Attack …
John Leyden, 26 Feb 2014

Big data minnow swallowed by security player Accumuli

AIM-listed specialist security player Accumuli has coughed £1.9m for small Bracknell-based big data analytics reseller and integrator EQUALIS, it confirmed to the City today. This bolt-on-buy adds a seven-strong band of big data boffins that sell software from Splunk - for which EQUALIS is Blighty's only authorised training …
Paul Kunert, 02 Dec 2013

How much is a security bug report worth to Facebook? About $2,100

Facebook wasn't the first to offer security researchers bounties for reporting vulnerabilities – but the social network reports it paid out $1.5m in 2013 for bug reports, and says it is increasing the amount of cash on offer in the coming year. According to the advertising giant, it received 14,763 reports of suspected flaws …
Iain Thomson, 03 Apr 2014

Security researcher Cédric 'Sid' Blancher dead at 37

Security researcher Cédric “Sid” Blancher has reportedly been killed in a skydiving accident in France. At the time of writing, details of the accident remain sketchy. However, the Courrier-Picard says he died instantly after "a heavy fall on the landing zone" at the Frétoy-le-Chateau airfield. Among other things, the 37-year- …

Win XP security deadline: Biz bods MUST protect user data – ICO

The end of support for XP on Tuesday doesn't only mean increased risk from hackers exploiting vulnerabilities that will never be patched. It also creates a heightened data protection risk to businesses, the UK's data privacy watchdog has warned. The Information Commissioner's Office (ICO) also warned that the end of support for …
John Leyden, 08 Apr 2014

Micro P consumes security minnow Cohort Technology

Micro P has hoovered up fellow Basingstoke-based virtualisation, security and comms distie Cohort Technology for an undisclosed fee. This adds some 14 new vendors to Micro P, itself owned by Irish conglomerate DCC, with the most notable names including ShoreTel, Citrix and Stonesoft. In addition to product distribution, Cohort …
Paul Kunert, 04 Oct 2013

Brit security startup turns to France for help

British security startup Darktrace has nabbed Andrew France, the former head of the UK government security snoops at GCHQ, as its chief executive. "We are delighted to welcome Andrew to the team," said Darktrace's chief operating officer Stephen Huxter in a canned statement. "Andrew's experience of national cyber operations and …
Jack Clark, 31 Jan 2014

NHS website hit by MASSIVE malware security COCKUP

Hundreds of URLs on the NHS website have been flooded with malware by hackers and - at time of writing - it remains exposed. The security blunder was first spotted early this morning and an alert was posted on Reddit along with a list of 587 pages said to have been compromised on the www.nhs.uk site. The Register put calls in …
Kelly Fiveash, 03 Feb 2014

Security guru Bruce Schneier to leave employer BT

Noted security guru Bruce Schneier, who has spent a great deal of energy publicly analysing the Edward Snowden leaks into the activities of the NSA and allied spy agencies, is to leave UK telco BT. A spokesman for BT said: “We can confirm that Bruce Schneier, BT’s security futurologist, is leaving BT at the end of December 2013 …
John Leyden, 16 Dec 2013

Putting the security jigsaw together

Effective IT security is both important and hard to implement, and it isn’t getting any easier. Central systems are becoming more complex, and keeping up with the ever-changing threat landscape is an ongoing challenge. Then there's the fact that end users are more mobile than ever and increasingly reckon they should be able to …
Tony Lock, 06 Sep 2013

Soon-to-be Facebook intern wins UK Cyber Security Challenge

A 19-year-old student was crowned the UK Cyber Security Champion after beating all comers over the course of a year-long competition that tested computer defence skills. Will Shackleton, a University of Cambridge student who develops mobile apps in his spare time, beat over 3,000 entrants and 41 fellow finalists to win the …
John Leyden, 17 Mar 2014

Apple iOS 7 security bug allows fiendish wags to easily empty your wallet

Apple has updated iOS 7 to fix a security bug that allowed miscreants to buy stuff from the online Apple Store without having to tap in a valid password. The Cupertino idiot-tax operation said new version 7.0.4 patches a flaw that affected in-app and app purchases. Usually, one must supply his or her Apple account username and …
Shaun Nichols, 16 Nov 2013

Would you hire a hacker to run your security? 'Yes' say Brit IT bosses

More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found. In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry. As if …
John Leyden, 30 Sep 2013

BT-owned ISP Plusnet fails to plug security hole on its customer signup page

Sheffield-based telco Plusnet isn't doing any of its new customers "proud" right now, after an anonymous source told The Register that the company was currently transmitting personal details over an unencrypted web page. The firm, which is owned by telecom giant BT, is asking interested subscribers to fill in a form online that …
Kelly Fiveash, 22 Jan 2014

Symantec retires low-end security software

Symantec has quietly retired its PC Tools range of security products. Acquired in 2008, PC Tools offered consumer-and-micro-business-grade anti-virus and network security tools dubbed “Spyware Doctor”, “Internet Security” and “Spyware Doctor with Antivirus”. Buying the Australian company that created the products gave Symantec a …
Simon Sharwood, 28 May 2013

Amazon is decompiling our apps in security gaffe hunt, says dev

Amazon's crackdown on mishandling AWS credentials has astonished one software developer, who says the cloud giant is reverse-engineering Android apps for inspection. In this blog post, Raj Bala admitted his app included his private "AWS credentials as simple strings within the app itself", and as a result, he's received a notice …

Facebook security chief: We're not encrypting everything between our data centers just yet

A couple of weeks ago Facebook scheduled a press powwow with its chief security officer Joe Sullivan to discuss defenses for the social network and its users. Then, a week later, Sullivan's boss made an angry call to the White House to complain about intelligence agents using Facebook as a conduit for spying on people. "I don’t …
Iain Thomson, 19 Mar 2014

Security holes in Word, the Windows kernel and Adobe Flash. Party like it's Patch Tuesday again

Flaws in Microsoft Word and Office Web Apps that allow hackers to execute malicious code on vulnerable systems have been fixed in Redmond's latest monthly batch of security bug fixes. In addition, two bugs at the kernel level of Windows XP and 7, and Server 2003 and 2008 R2, allow logged-in attackers to escalate their privileges …
Shaun Nichols, 15 Jan 2014

Japan needs 80,000 EXTRA info-security bods to stay safe

Japan has an 80,000 shortfall in infosec professionals, and needs to provide extra training for more than half of those currently in the industry, if it’s to protect key IT systems from attack, according to the government. A government panel of information security experts met back in June to draw up a long term plan to address …
Phil Muncaster, 09 Oct 2013

Energy firms' security so POOR, insurers REFUSE to take their cash

Underwriters are reportedly refusing to insure energy firms because poor security controls are leaving them wide open to attacks by hackers and malware infestations. Lloyd's of London told the BBC they had seen a surge in requests for insurance from energy sector firms but poor test scores from security risk assessors mean that …
John Leyden, 27 Feb 2014

BT's IPv6 EXPIRED security certificate left to rot on its website

BT may insist that it is committed to a smooth transition to the new interwebs address system – IPv6 – but a quick glance at the company's corporate website last month left some Brits questioning the one-time national telco's promise. That's because the telecoms giant embarrassingly failed to spot the fact that its security …
Kelly Fiveash, 05 Mar 2014

Security researchers uncover three-year-old 'RUSSIAN SPYware'

Security researchers have discovered a complex and sophisticated piece of data-stealing malware they suggest may well be the work of state-sponsored hackers in Russia. The Uroburos rootkit, named after a mythical serpent or dragon that ate its own tail – and a sequence of characters concealed deep within the malware’s code ( …
John Leyden, 04 Mar 2014

KPMG cuts its funding for UK.gov's Cyber Security Challenge

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession. Senior security staff at the professional services firm told Computing that it was scaling …
John Leyden, 17 Jan 2014

The web needs globally backed, verifiable security standards – says Huawei

Chinese networking hardware behemoth Huawei has issued its second annual cybersecurity white paper and is calling for manufacturers around the world to set up testable security standards that will ensure everyone's reading from the same hymn sheet. "The biggest hurdle is that the technology industry doesn't want mandatory global …
Iain Thomson, 19 Oct 2013

Aargh! Bamboozled by security licensing - what works for my family?

And so to El Reg Forums and Edwin, a commentard since 2007, who is having a bit of trouble in choosing IT security software for his family. He writes: I'm rapidly losing my mind in the minefield that is security software, particularly when it comes to licensing many devices... The internet has become useless for this sort of …
Drew Cullen, 19 Feb 2014

RIP Full Disclosure: Security world reacts to key mailing list's death

The legendary Full Disclosure mailing list, where security researchers posted details of exploits and software vulnerabilities, is shutting down. The service, which had been running for nearly 12 years since July 2002, has been suspended indefinitely after list admin John Cartwright was no longer prepared to put up with the …
John Leyden, 19 Mar 2014

Layoffs at EMC's RSA security division

RSA, the security division of EMC, has confirmed plans to restructure its business, a move that means an unspecified number of long-term staffers will be shown the door. Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by start of 2014. It wrote in an email: While …
John Leyden, 20 Sep 2013

Survey: Just 1 in 3 Euro biz slackers meets card security standards

European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey. Just under one-third (31 per cent) of surveyed European businesses met 80 per cent or more of the PCI Data Security Standard (DSS) requirements, compared with 75 per cent …
John Leyden, 11 Feb 2014

BlackBerry on the brink: Security kink sinks rinky-dink Link sync in a blink

Hapless BlackBerry has told users to update its software on their Mac OS X and Windows computers following the disclosure of a fairly serious security flaw. The Canadian handset maker said the vulnerability exists in selected versions of its freely available Link application – a program that allows you to transfer files between …
Shaun Nichols, 15 Nov 2013

Cisco hints at possible new security standard

Cisco is hoping that a framework it created for its Identity Services Engine (ISE) could offer the basis for a standard for multivendor security integration. The Borg created the Platform Exchange Grid – pxGrid – to allow third-party developers to integrate with ISE, and has told NetworkWorld it intends to put the …

Didn't have time to ask about it in our security Regcast? No problem

Our Regcast Security: Knowing what you don't know - and what you can do about it (on demand version here) brought together Raimund Genes, CTO of Trend Micro, and Freeform Dynamics' Tony Lock, chief security nagging officer of the analyst community. They gave us a fascinating insight into how the security landscape has changed …
Tim Phillips, 11 Apr 2014

IBM snaps up banking security biz Trusteer, won't say what it paid

IBM has announced a deal to acquire transaction security firm Trusteer and open a new cybersecurity lab in Israel. Financial terms of the buyout, announced Thursday, were not disclosed. Big Blue said the deal would allow it to offer improved cloud-delivered software and services to defend against advanced security threats to its …
John Leyden, 15 Aug 2013

Is that a failed Outlook security update in your pocket or are you pleased to phish me?

Web criminals have fired off Patch Tuesday-themed phishing emails to trick confused users into handing over their login details. Their messages attempt to lure users into visiting a website masquerading as a Microsoft Exchange system, which tries to coax visitors into handing over their email accounts' address and password. …
John Leyden, 15 Oct 2013