Articles about Security

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015

Metasploit maker Rapid7 gobbles web app security testing firm

Metasploit firm Rapid7 has snapped up web and mobile application security testing company NT OBJECTives (NTO). Financial terms of the deal, announced Monday, were undisclosed. Rapid7 has folded NTO’s application security testing product, renamed as Rapid7 AppSpider, into its security data and analytics platform to give customers …
John Leyden, 05 May 2015

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privilege access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Atalla the hun(ter) leads HP cloud security invasion

HP has revealed a bunch of security analytics tools and services as part of an infosec portfolio launch. The company reckons the IT industry isn't keeping up with security threats, so it's pushing a focus on “the interactions between users, applications and data”. To that end, there's additions to ArcSight, a new cloud security …

Stop the war between privacy and security – EU data watchdog

Security and privacy are not mutually exclusive says Europe’s privacy watchdog – and people should stop saying they are. The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, told a Brussels conference he was concerned that “the objective of cyber-security may be misused to justify measures which weaken protection …
Jennifer Baker, 29 Apr 2015

RSA supremo rips 'failed' security industry a new backdoor, warns of 'super-mega hack'

RSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year's RSA computer security conference that they have failed. “2014 was yet another reminder that we are losing this contest,” Yoran said in his keynote this morning at the annual event in San Francisco, California. “The adversaries …
Darren Pauli, 21 Apr 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

Cisco security software needs security patch

Cisco's ASA FirePOWER services and ASA CX Services are vulnerable to a denial of service (DoS) bug in the virtualisation layer. The just-updated ASA FirePOWER threat-detection platform and ASA CX (which adds application and user ID awareness to the system) could be forced to reload by an attacker hosing their management …

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

Oracle grunts, grimaces, pushes out 98-flaw security patch batch

Oracle has patched nearly 100 security flaws in Java, Fusion Middleware, Database, MySQL and other products. For Java SE, the update fixes 14 CVE-listed bugs. All of the flaws are remotely exploitable without authentication to compromise a victim's computer, and three were given risk assessment scores of 10 out of 10. (Psst ... …
Shaun Nichols, 15 Apr 2015

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015

Help! Virgin Media FORGETS to renew its security certificate on contact page

Virgin Media has failed to renew its security certificate on the company's 'Contact us' page of its website. It is currently displaying an "untrusted connection" warning about the help.virginmedia.com url. Customers who attempt to contact the Liberty Global-owned cable firm are greeted with the confusing alert that suggests …
Kelly Fiveash, 15 Mar 2015

Security vendor's blog post pinched to make HMRC phish look legit

Netcraft has found that security firm TrustWave inadvertently gave phishers a helping hand. The situation starts in this December 2010 blog post by Gavin Neale of M86 Security Labs, a company since acquired by TrustWave. Until Wednesday, that post included an image of a faked email from UK taxation agency HM Revenue and Customs …
Simon Sharwood, 13 Mar 2015

NCC bags security services outfit Accumuli for £55m

Managed security services outfit Accumuli has been snapped up by rival NCC for a sum of £55m. Both firms reported a strong increase in turnover last year, according to their Companies House filings. Accumuli's revenue rose 18 per cent to £16.6m in 2014. NCC Group recorded revenue of £110.7m, up 12 per cent. Pre-tax profit were …
Kat Hall, 24 Mar 2015

How big a problem is Cloud security?

To help readers help each other, we have put together a short, sharp temperature check survey on the topic of cloud security. We're asking a bit about you and your organisation for context and then 5 simple questions that we think nail the key issues and possible solutions. We finish off by getting you to tell us the scariest or …
Dale Vile, 13 Apr 2015

Lenovo system update flaws plugged, security world not impressed

Lenovo faces renewed accusations of lax security practices - just three months after the Superfish debacle - after it was obliged to fix flaws in its software update system. Security researchers at IOActive uncovered a mechanism that would have allowed hackers to create a fake certificate authority in order to sign executables. …
John Leyden, 06 May 2015

NTT Com Security to wed UK cyber specialist Nebulas, say sources

NTT Com Security is to acquire rapidly growing London-based Nebulas Solutions Group, according to well-placed industry tipsters. Talks between the pair progressed in recent weeks though details of any financial exchange were not available at the time of writing. Nebulas is unlikely to come cheap. Sources tell us specialist …
Paul Kunert, 27 Feb 2015

MP resigns as security committee chair amid 'cash-for-access' claims

Former foreign secretary Sir Malcolm Rifkind is stepping down as chair of the UK Parliament’s influential security committee in the wake of "cash for access" allegations. In a statement, Rifkind said he intends to remain a member of the Intelligence and Security Committee but will step down as chairman. The ISC, which oversees …
John Leyden, 24 Feb 2015

Stateside security screeners sacked for squeezing 'sexy' sacks

Two security strokers screeners at Denver airport got the boot after investigators were tipped off about gratuitous groin groping of certain male travellers, a police report reveals. The Office of Inspection of the Transportation Security Administration (TSA) were informed of the pair’s pervy prowess and did a little probing of …
Paul Kunert, 16 Apr 2015

Trustwave's off to Singapore as Singtel slurps security company

Singapore's dominant telco and aspiring services player, Singtel, has acquired Trustwave for about US$810m. Trustwave offers managed security services and the SpiderLabs ethical hacking research outfit, plus a range of network, content and endpoint security products. The company operates in 26 nations and has 1,200 people on the …
Simon Sharwood, 08 Apr 2015

Cisco pitches security for SMEs

Small and/or medium businesses and branch offices rejoice: Cisco has joined the ranks of vendors deciding you warrant security you can afford. As incidents like the Target “hack” demonstrated, a small contractor can easily provide a path into an enterprise network, so one of the key chunks of The Borg's latest announcement is to …

In charge of security? We need to talk...

CIO Manifesto If you head up security for your organisation, you probably feel like you’re caught between know-it all techies, ignorant directors and unbending compliance regulations. So do most of your peers, and that’s why we want to bring you together to discuss the reality of running IT securely in 2015 at our May 20 roundtable. The …
Team Register, 06 May 2015

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Fancy six months of security nirvana for free? Read on...

Promo If you’re one of the 33 per cent of folks who don’t use antivirus protection, we’ve got an offer for you. In fact, even if you’re one of the other two thirds, you’re still going to want to sit up and pay attention. What are we talking about? The chance to ring-up a free subscription to Bitdefender’s Internet Security 2015, which …
Team Register, 13 Apr 2015

Australia to conduct national cyber-security review

Australia will conduct a national “cyber-security review”. Speaking today at the launch of the new Australian Cyber Security Centre in Canberra, prime minister Tony Abbott put network security on par with physical security, said it is a guarantor of economic security and added “it is so important we keep one step ahead of …
Simon Sharwood, 27 Nov 2014

Feds investigate Homeland Security background checker security breach

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach. The security snafu at USIS reportedly led to the theft of some DHS employees’ personal information. The recently discovered breach prompted DHS to suspend all work with USIS, pending the …
John Leyden, 05 Nov 2014

Canuck Bitcoin exchange gives up after security SNAFU

Canadian Bitcoin exchange Cavirtex, said to be the country's largest, will shut its doors after its two factor authentication credentials were probably compromised. The breach, spotted last Sunday, affected two factor secrets and hashed passwords stored in an older database and did not match log in details to identification …
Darren Pauli, 19 Feb 2015

Crack security team finishes TrueCrypt audit – and the results are in

The researchers behind the security audit of the TrueCrypt disk-encryption software have completed their work and say they have found no evidence of any deliberate backdoors or serious design flaws in its code. "Based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software," crypto boffin …
Neil McAllister, 02 Apr 2015

Security? Don't bother until it's needed says RFC

All-or-nothing approaches to security are part of what's making it so hard to achieve acceptable protection, a new RFC suggests. Written by Viktor Dukhovni of Two Sigma, RFC 7435 argues that the way current systems fail is a discouragement to good security. A binary failure – if two peers in a conversation don't have the same …

Security bods gagged using DMCA on eve of wireless key vuln reveal

Updated Researchers at IOActive have been slapped with a DMCA (Digital Millennium Copyright Act) gagging order a day before they planned to release information about security vulnerabilities in the kit of an as-yet unidentified vendor*. A redacted version of the legal notice – posted on Google+ – has reignited the long standing debate …
John Leyden, 05 May 2015

Herjavec Group swallows Brit security services minnow Sysec

Canadian managed security services biz Herjavec Group has crossed the pond to hoover up Brit minnow Sysec, a specialist boutique that ploughs its furrow in the same field. The buy forms part of Herjavec’s three-year $250m “expansion plan” - it is more than half way there but may need to make a few more buys to get there given …
Paul Kunert, 05 Feb 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

IBM’s 700TB security threat database enters the cloud. Look to the heavens, hackers

IBM is putting its massive threat database up into the cloud for researchers, IT administrators, and anyone else to access in the hope of fundamentally changing how security companies defend against attackers. "Information sharing is something that has been discussed in legislation, within the industry, and between companies but …
Iain Thomson, 16 Apr 2015

Google broke own security with April fool gag

On April 1st Google had a bit of fun by using the com.google domain to display all content backwards, but the folks at Netcraft think that jape backfired by introducing security vulnerabilities to the search engine. Netcraft's security folks say the joke “... inadvertently undermined an important security feature on Google's …
Simon Sharwood, 19 Apr 2015

Craft bazaar Etsy's security plan is candy to get devs talking

Kiwicon podcast Etsy's security chieftain Rich Smith has told the hacker faithful to secure their organisations by buttering-up devs with beer and candy. Speaking at the KiwiCon event in Wellington, New Zealand, the guardian of the popular hipster bazaar and co-founder of Iceland consultancy Syndis offered tips from running the fast-paced …
Darren Pauli, 12 Dec 2014

EU parliament bans Outlook app over cloudy security: report

The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports. The Parliament's IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate …
Darren Pauli, 12 Feb 2015

Self preservation is AWS security's biggest worry, says gros fromage

State-sponsored cyber armies, lone-wolf attackers, denial-of-service attacks ... which keep Amazon’s Web Services security boffins awake at night? None of the above. It’s customers – those who don’t protect themselves adequately against hackers and malware. That’s according to AWS head of global security programs Bill Murray, who …
Gavin Clarke, 13 Apr 2015

Europe's cyber security agency wants to pick your infosec BRAINS

Do you work in the ICT sector? If so, Europe’s top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders’ Group”. Self-declared experts who work in the ICT sector for fixed and mobile electronic communications …
Jennifer Baker, 07 Nov 2014

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

Hewlett Foundation lays out MEELLIONS on security

The Hewlett Foundation has found US$45m in its other jacket, and has anointed three lucky US universities to spend on security research. MIT, Stanford and UC Berkeley will share the simoleons, in a program MIT says is designed to generate a “robust marketplace of ideas”, whatever that is. On a more pragmatic basis, the …

PayPal pays $60m for Israeli predictive security start-up

PayPal has confirmed a $60m acquisition of security intelligence firm CyActive. The online payments firm, soon to be spun off from eBay, accompanied the announcement of the deal with plans to open a research hub in Israel. CyActive, founded by ex IDF intelligence unit cyberspies in 2013, specialises in trying to predict the …
John Leyden, 11 Mar 2015

Security holes in iOS? We've heard of them, says Apple (as it fixes vanishing ringtones)

Apple has released an update for iOS that addresses some rather annoying performance bugs, but leaves major security holes open. The company said the iOS 8.1.2 over-the-air update will address performance issues with the Apple mobile platform, including a flaw which had caused ringtones to disappear from handhelds. "This …
Shaun Nichols, 10 Dec 2014

Taxi app Uber plugs 'privacy-threatening' web security flaw

Updated A potentially nasty XSS vulnerability discovered on the website of controversial ride-sharing service Uber has been fixed, according to the security researcher who reported the bug. The cross-site scripting vulnerability put visitors at risk of being compromised via theft of cookies, personal details, authentication credentials …
John Leyden, 10 Dec 2014

GoPro cameras' WiFi security is GoAmateur

Net nuisances can harvest the cleartext SSIDs and passwords of wireless networks accessed by sports selfie box GoPro. The GoPro app collects and siphons wireless credentials so it can be used to log on to and manage cameras. Security researcher Ilya Chernyakov says the credentials which give access to the cameras could be mass …
Darren Pauli, 06 Mar 2015

iPAD-FONDLING fanboi sparks SECURITY ALERT at Sydney airport

An iPad-obsessed bloke reportedly triggered an irritating security alert at Sydney Airport in Australia earlier today. The passenger apparently skipped the screening process and instead used an exit at the airport's Terminal 3, which is used for domestic flights, because his head was buried deep in his fondleslab. It would seem …
Kelly Fiveash, 27 Sep 2014

Apple: Those security holes we fixed last week? You're going to need to repatch

Apple has released a follow-up to last week's security update after finding a pair of flaws that are still vulnerable on patched systems. The Cupertino giant said that the 2015-003 update would address two flaws; a man-in-the-middle vulnerability and type confusion error in OS X Yosemite (10.10.2). Both of the flaws, CVE-2015- …
Shaun Nichols, 20 Mar 2015

Smart grid security WORSE than we thought

Don't try crypto at home, kids: the Open Smart Grid Protocol project rolled its own crypto and ended up with something horribly insecure. This paper at the International Association for Cryptologic Research explains big issues with the OSGP crypto protocol deployed in as many as four million smart meters and devices. The …

Sly peers attempt to thrust hated Snoopers' Charter into counter-terror and security bill

Britain's ISPs have attacked sneaky, proposed amendments to the Counter-Terrorism and Security Bill that were tabled by four peers in Parliament this week – as they mounted an attempt to resurrect the Snoopers' Charter. Home Secretary Theresa May's draft Communications Data Bill was rejected by politicos in 2012, however, the …
Kelly Fiveash, 24 Jan 2015