Articles about Security

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privileged access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

Cisco security software needs security patch

Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management …

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

Oracle grunts, grimaces, pushes out 98-flaw security patch batch

Oracle has patched nearly 100 security flaws in Java, Fusion Middleware, Database, MySQL and other products. For Java SE, the update fixes 14 CVE-listed bugs. All of the flaws are remotely exploitable without authentication to compromise a victim's computer, and three were given risk assessment scores of 10 out of 10. (Psst ... …
Shaun Nichols, 15 Apr 2015

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015

Help! Virgin Media FORGETS to renew its security certificate on contact page

Virgin Media has failed to renew its security certificate on the company's 'Contact us' page of its website. It is currently displaying an "untrusted connection" warning about the help.virginmedia.com url. Customers who attempt to contact the Liberty Global-owned cable firm are greeted with the confusing alert that suggests …
Kelly Fiveash, 15 Mar 2015

NCC bags security services outfit Accumuli for £55m

Managed security services outfit Accumuli has been snapped up by rival NCC for a sum of £55m. Both firms reported a strong increase in turnover last year, according to their Companies House filings. Accumuli's revenue rose 18 per cent to £16.6m in 2014. NCC Group recorded revenue of £110.7m, up 12 per cent. Pre-tax profit were …
Kat Hall, 24 Mar 2015

Security vendor's blog post pinched to make HMRC phish look legit

Netcraft has found that security firm TrustWave inadvertently gave phishers a helping hand. The situation starts in this December 2010 blog post by Gavin Neale of M86 Security Labs, a company since acquired by TrustWave. Until Wednesday, that post included an image of a faked email from UK taxation agency HM Revenue and Customs …
Simon Sharwood, 13 Mar 2015

NTT Com Security to wed UK cyber specialist Nebulas, say sources

NTT Com Security is to acquire rapidly growing London-based Nebulas Solutions Group, according to well-placed industry tipsters. Talks between the pair progressed in recent weeks though details of any financial exchange were not available at the time of writing. Nebulas is unlikely to come cheap. Sources tell us specialist …
Paul Kunert, 27 Feb 2015

MP resigns as security committee chair amid 'cash-for-access' claims

Former foreign secretary Sir Malcolm Rifkind is stepping down as chair of the UK Parliament’s influential security committee in the wake of "cash for access" allegations. In a statement, Rifkind said he intends to remain a member of the Intelligence and Security Committee but will step down as chairman. The ISC, which oversees …
John Leyden, 24 Feb 2015

Stateside security screeners sacked for squeezing 'sexy' sacks

Two security strokers screeners at Denver airport got the boot after investigators were tipped off about gratuitous groin groping of certain male travellers, a police report reveals. The Office of Inspection of the Transportation Security Administration (TSA) were informed of the pair’s pervy prowess and did a little probing of …
Paul Kunert, 16 Apr 2015

Trustwave's off to Singapore as Singtel slurps security company

Singapore's dominant telco and aspiring services player, Singtel, has acquired Trustwave for about US$810m. Trustwave offers managed security services and the SpiderLabs ethical hacking research outfit, plus a range of network, content and endpoint security products. The company operates in 26 nations and has 1,200 people on the …
Simon Sharwood, 08 Apr 2015

Cisco pitches security for SMEs

Small and/or medium businesses and branch offices rejoice: Cisco has joined the ranks of vendors deciding you warrant security you can afford. As incidents like the Target “hack” demonstrated, a small contractor can easily provide a path into an enterprise network, so one of the key chunks of The Borg's latest announcement is to …

Fancy six months of security nirvana for free? Read on...

Promo If you’re one of the 33 per cent of folks who don’t use antivirus protection, we’ve got an offer for you. In fact, even if you’re one of the other two thirds, you’re still going to want to sit up and pay attention. What are we talking about? The chance to ring-up a free subscription to Bitdefender’s Internet Security 2015, which …
Team Register, 13 Apr 2015

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Australia to conduct national cyber-security review

Australia will conduct a national “cyber-security review”. Speaking today at the launch of the new Australian Cyber Security Centre in Canberra, prime minister Tony Abbott put network security on par with physical security, said it is a guarantor of economic security and added “it is so important we keep one step ahead of …
Simon Sharwood, 27 Nov 2014

How big a problem is Cloud security?

To help readers help each other, we have put together a short, sharp temperature check survey on the topic of cloud security. We're asking a bit about you and your organisation for context and then 5 simple questions that we think nail the key issues and possible solutions. We finish off by getting you to tell us the scariest or …
Dale Vile, 13 Apr 2015

Feds investigate Homeland Security background checker security breach

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach. The security snafu at USIS reportedly led to the theft of some DHS employees’ personal information. The recently discovered breach prompted DHS to suspend all work with USIS, pending the …
John Leyden, 05 Nov 2014

Crack security team finishes TrueCrypt audit – and the results are in

The researchers behind the security audit of the TrueCrypt disk-encryption software have completed their work and say they have found no evidence of any deliberate backdoors or serious design flaws in its code. "Based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software," crypto boffin …
Neil McAllister, 02 Apr 2015

Canuck Bitcoin exchange gives up after security SNAFU

Canadian Bitcoin exchange Cavirtex, said to be the country's largest, will shut its doors after its two factor authentication credentials were probably compromised. The breach, spotted last Sunday, affected two factor secrets and hashed passwords stored in an older database and did not match log in details to identification …
Darren Pauli, 19 Feb 2015

Security? Don't bother until it's needed says RFC

All-or-nothing approaches to security are part of what's making it so hard to achieve acceptable protection, a new RFC suggests. Written by Viktor Dukhovni of Two Sigma, RFC 7435 argues that the way current systems fail is a discouragement to good security. A binary failure – if two peers in a conversation don't have the same …

Herjavec Group swallows Brit security services minnow Sysec

Canadian managed security services biz Herjavec Group has crossed the pond to hoover up Brit minnow Sysec, a specialist boutique that ploughs its furrow in the same field. The buy forms part of Herjavec’s three-year $250m “expansion plan” - it is more than half way there but may need to make a few more buys to get there given …
Paul Kunert, 05 Feb 2015

IBM’s 700TB security threat database enters the cloud. Look to the heavens, hackers

IBM is putting its massive threat database up into the cloud for researchers, IT administrators, and anyone else to access in the hope of fundamentally changing how security companies defend against attackers. "Information sharing is something that has been discussed in legislation, within the industry, and between companies but …
Iain Thomson, 16 Apr 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

EU parliament bans Outlook app over cloudy security: report

The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports. The Parliament's IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate …
Darren Pauli, 12 Feb 2015

Craft bazaar Etsy's security plan is candy to get devs talking

Kiwicon podcast Etsy's security chieftain Rich Smith has told the hacker faithful to secure their organisations by buttering-up devs with beer and candy. Speaking at the KiwiCon event in Wellington, New Zealand, the guardian of the popular hipster bazaar and co-founder of Iceland consultancy Syndis offered tips from running the fast-paced …
Darren Pauli, 12 Dec 2014

Self preservation is AWS security's biggest worry, says gros fromage

State-sponsored cyber armies, lone-wolf attackers, denial-of-service attacks ... which keep Amazon’s Web Services security boffins awake at night? None of the above. It’s customers – those who don’t protect themselves adequately against hackers and malware. That’s according to AWS head of global security programs Bill Murray, who …
Gavin Clarke, 13 Apr 2015

Europe's cyber security agency wants to pick your infosec BRAINS

Do you work in the ICT sector? If so, Europe’s top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders’ Group”. Self-declared experts who work in the ICT sector for fixed and mobile electronic communications …
Jennifer Baker, 07 Nov 2014

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

PayPal pays $60m for Israeli predictive security start-up

PayPal has confirmed a $60m acquisition of security intelligence firm CyActive. The online payments firm, soon to be spun off from eBay, accompanied the announcement of the deal with plans to open a research hub in Israel. CyActive, founded by ex IDF intelligence unit cyberspies in 2013, specialises in trying to predict the …
John Leyden, 11 Mar 2015

Hewlett Foundation lays out MEELLIONS on security

The Hewlett Foundation has found US$45m in its other jacket, and has anointed three lucky US universities to spend on security research. MIT, Stanford and UC Berkeley will share the simoleons, in a program MIT says is designed to generate a “robust marketplace of ideas”, whatever that is. On a more pragmatic basis, the …

Security holes in iOS? We've heard of them, says Apple (as it fixes vanishing ringtones)

Apple has released an update for iOS that addresses some rather annoying performance bugs, but leaves major security holes open. The company said the iOS 8.1.2 over-the-air update will address performance issues with the Apple mobile platform, including a flaw which had caused ringtones to disappear from handhelds. "This …
Shaun Nichols, 10 Dec 2014

GoPro cameras' WiFi security is GoAmateur

Net nuisances can harvest the cleartext SSIDs and passwords of wireless networks accessed by sports selfie box GoPro. The GoPro app collects and siphons wireless credentials so it can be used to log on to and manage cameras. Security researcher Ilya Chernyakov says the credentials which give access to the cameras could be mass …
Darren Pauli, 06 Mar 2015

Taxi app Uber plugs 'privacy-threatening' web security flaw

Updated A potentially nasty XSS vulnerability discovered on the website of controversial ride-sharing service Uber has been fixed, according to the security researcher who reported the bug. The cross-site scripting vulnerability put visitors at risk of being compromised via theft of cookies, personal details, authentication credentials …
John Leyden, 10 Dec 2014

iPAD-FONDLING fanboi sparks SECURITY ALERT at Sydney airport

An iPad-obsessed bloke reportedly triggered an irritating security alert at Sydney Airport in Australia earlier today. The passenger apparently skipped the screening process and instead used an exit at the airport's Terminal 3, which is used for domestic flights, because his head was buried deep in his fondleslab. It would seem …
Kelly Fiveash, 27 Sep 2014

Apple: Those security holes we fixed last week? You're going to need to repatch

Apple has released a follow-up to last week's security update after finding a pair of flaws that are still vulnerable on patched systems. The Cupertino giant said that the 2015-003 update would address two flaws; a man-in-the-middle vulnerability and type confusion error in OS X Yosemite (10.10.2). Both of the flaws, CVE-2015- …
Shaun Nichols, 20 Mar 2015

Microsoft updates Outlook app security, but haters still gunna hate

Microsoft has upgraded the security controls of its mobile Outlook app to allow credentials to be kept on its servers rather than Amazon's. Security upgrades detailed in a Redmond blog include PIN lock enforcement and faster remote wiping of application data, some of which will be deployed in coming months, along with …
Darren Pauli, 19 Feb 2015

Sly peers attempt to thrust hated Snoopers' Charter into counter-terror and security bill

Britain's ISPs have attacked sneaky, proposed amendments to the Counter-Terrorism and Security Bill that were tabled by four peers in Parliament this week – as they mounted an attempt to resurrect the Snoopers' Charter. Home Secretary Theresa May's draft Communications Data Bill was rejected by politicos in 2012, however, the …
Kelly Fiveash, 24 Jan 2015

Spanish election site in security cert warning screwup snafu

Updated Website crypto problems on the Spanish online voting registration website are causing it to generate all manner of security warnings. Attempts to visit the sede.ine.gob.es site – run by Spain's National Statistics Institute and introduced this year for municipal/regional elections – typically lead to users being confronted with …
John Leyden, 13 Apr 2015

Docker hires'n'acquires to cure its security, networking headaches

Application container firm Docker is staffing up, having brought on new talent to further its security and networking development efforts. On Tuesday, Diogo Mónica and Nathan McCauley, two former engineers for mobile payments outfit Square, jointly blogged that they had joined Docker to lead its security engineering. "We've …
Neil McAllister, 04 Mar 2015

Alca-Lu security stuff goes virtual

Yet more of Alcatel-Lucent's portfolio has escaped its hardware prison to be virtualised: this time, it's the vendor's security solutions. Alca-Lu's Motive Security Guardian (MSG) – based on technology that came with Kindsight Security Labs, which it acquired in April 2013 – is to be turned into a virtualised service, the …

Fsck those new emojis! Install iOS 8.3, OS X 10.10.3 NOW to squash all these security bugs

Apple has released software updates to add features to and fix many bugs in its OS X and iOS operating systems. The iOS 8.3 overhaul will correct dozens of programming blunders, including glitches and dropouts with Wi-Fi and Bluetooth. Users reported problems with establishing and maintaining connections to wireless networks and …
Shaun Nichols, 09 Apr 2015

Australian government's 'cyber-security' review delayed

One day after Australia's prime minister Tony Abbott promised a more hard-line approach to national security, the government has delayed a cyber-security review. Over the weekend, the PM's YouTube channel carried a statement (video at the end of this story) in which he complained that Australia's treatment of immigrants-turned- …

Bounty! hunter! discovers! holes! in! Yahoo! Stores! security!

Security researcher Mark Litchfield is $24,000 the richer after discovering three vulnerabilities involving Yahoo! Stores and hosted websites. The three vulnerabilities were fixed by Yahoo! after Litchfield alerted the internet giant through its bug bounty programme. The first and most serious of the vulnerabilities opened up …
John Leyden, 16 Mar 2015

Cert-slurping security firms chop super-fishy features

Security companies Lavasoft and AdTrustMedia, have been found using the SSL slurping certificate - or something very similar - made infamous by the Lenovo-Superfish debacle. Lavasoft used the certificate in its web inspection software Ad-Aware Web Companion and the Alpha testing version of AdBlocker. The software was restricted …
Darren Pauli, 24 Feb 2015

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014