Articles about Security Risks

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

GCHQ: Ensure biz security by STOPPING everyone from TALKING

GCHQ is advising organisations to consider stripping staff of smartphones and memory sticks in order to make themselves less exposed to cyber attacks. The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft …
John Leyden, 19 Mar 2015

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Snoopy Fujitsu tech KNOWS you'll click that link – before YOU do

The next time you hover over a suspicious link a little too long, or download from a questionable site, you might get a nudge from Fujitsu. The Japanese tech giant has, from the back of a 2000-head study, developed a tool capable of determining if a user was likely to be scammed and delivering a custom warning. Together with a …
Darren Pauli, 23 Jan 2015

Psst, hackers. Just go for the known vulnerabilities

Despite all the publicity about zero-day exploits, a big percentage of breaches (44 per cent) come from vulnerabilities which are two to four years old. Server misconfigurations were the number one vulnerability, according to the latest edition of HP’s annual Cyber Risk Report, which concludes that well-known issues posed the …
John Leyden, 23 Feb 2015
Copyright Gage Skidmore licensed under CC attribution http://creativecommons.org/licenses/by-sa/2.0/deed.en

Phil Collins' daughter 'will give you A VIRUS' – security bods

Phil Collins' actress daughter is the celebrity most likely to give your equipment a nasty virus, security firm McAfee has warned. Its annual McAfee Most Dangerous Celebrities™ study warned clicking on search links after Googling Lily Collins could flood your system with malware. The second most infectious celeb is Sk8r Boi …
Jasper Hamill, 18 Sep 2013

Hey, NUDE CELEBS! Apple adds SWEET 2FA to iMessage, Facetime

Apple has activated a two-factor authentication (2FA) system for Facetime and iMessage, extending the service to beyond iCloud accounts in a move that it hopes will help secure its communications platforms. The feature has become effective immediately, meaning any attempt to activate the services on a new device would first need …
Team Register, 13 Feb 2015

IBM says dating apps can give you a nasty infection DOWN THERE!

Valentine's Day is just around the corner – and, purely coincidentally, IBM is warning techies about the risks of dating apps and websites. Big Blue has published a report outlining the potential security risks associated with users running sex scheduling software on their smartphones and tablets. Big Blue says it studied 41 …
Shaun Nichols, 12 Feb 2015

New UK.gov cyber-security standard puts MANAGERS in firing line

The UK government is seeking to hear from businesses that would be interested in submitting evidence to help form a new "organisational standard" for cyber security. The Cyber Security and Resilience Team within the Department for Business, Innovation, and Skills (BIS) has asked businesses to detail initial interest in …
OUT-LAW.COM, 07 Mar 2013

Microsoft's message for Win Server 2003 users: FLEE FOR YOUR LIVES

With 160 days to go before extended support for Windows Server 2003 reaches the end of the line, Microsoft has popped up with some scaremongering tactics helpful advice. Come 14 July, any businesses running the 12-year-old OS will need to cough a princely sum to receive custom support from Microsoft as no more security patches …
Paul Kunert, 04 Feb 2015

Australian online voting system may have FREAK bug

UPDATE: Next weekend, voters in the Australian State of New South Wales go to the polls to elect a new government. Some have already cast their votes online, with a system that may be running the FREAK bug. So say Vanessa Teague and J. Alex Halderman, respectively a research fellow in the Department of Computing and Information Systems …
Darren Pauli, 22 Mar 2015

'We are screwed!' Fonts eat a bullet in Microsoft security patch

Updated: Windows users were surprised to find that a Microsoft security update stopped fonts from working on their PCs. Security update KB2753842 has killed certain fonts on PCs where it has been installed, rendering many of them unusable, and causing problems for designers and businesses who rely on using the types in their work. …
Anna Leach, 17 Dec 2012

BT links with Huawei raise national security concerns, say MPs

Chinese telecoms giant Huawei has dismissed claims that its technology, which is used by BT, is a threat to the UK's national security. The company was forced to defend itself today, after a parliamentary security and intelligence committee report attacked the civil service for failing to inform ministers of BT and Huawei's …
Kelly Fiveash, 06 Jun 2013

A billion things are already on the IoT: Verizon

Verizon reckons the Internet of Things is no longer a “nascent” market, reporting that there are already more than a billion devices out there running business-to-business IoT operations. In its “state of the market” report (free with registration) covering the IoT in 2015, the company predicts that the B2B IoT space will pass 5 …

By the way, Home Depot hackers also grabbed 53 million email addresses

Hackers made off with a whopping 53 million email addresses as part of the high profile April breach of Home Depot in which 56 million credit cards were compromised, the company says. The haul bagged enough email addresses to contact everyone in England, but it was unknown if the information had been implicated in further …
Darren Pauli, 07 Nov 2014

Treating today’s security risks

Episode 2: In the second of our mini series of audiocasts assessing the state of the IT Security market, our expert panel considers the major risks and how to deal with them. Again lending their expertise are Jon Clay, core technology marketing manager from Trend Micro and Tony Lock, programme director at the IT analyst firm Freeform …
Team Register, 18 Mar 2009

Business expects data retention will hit their bottom lines: survey

Risk management outfit Protiviti says Australian businesses are fearful that the government's proposed metadata retention scheme is going to cost them. The government is in the throes of considering a two-year retention regime for Australian telecommunications carriers and ISPs. While the Parliamentary Joint Committee on …

WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed

Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week. The release of a PoC for the MS14-066 vulnerability through the Canvas tool from Immunity Inc underlines the need to patch. The flaw opens the door to remote code execution on unpatched servers …
John Leyden, 17 Nov 2014

Looking forward to the end of Tuesday? You've patched this month's 37 Microsoft bugs, right?

True to its word, Microsoft released nine security patches this month, two of which are rated as critical. The company said that the August edition of Patch Tuesday addresses a total of 37 CVE-listed security vulnerabilities. Most of the flaws will be addressed by the cumulative Internet Explorer security update. The browser …
Shaun Nichols, 12 Aug 2014

Canada: We'll boot 'security risk' firms from gov network bid race

The Canadian government has said that it will be invoking a "national security exemption" as it hires firms to build a secure network, hinting that Chinese telco Huawei could be excluded. The exemption allows the government to kick out of the running any companies or nations considered a security risk, which coming in the wake …

India's tough hacker crackdown: IT security leaflets with every device

India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Phil Muncaster, 14 Jan 2013

NHS XP patch scratch leaves patient records wide open to HACKERS

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal. The majority of trusts still operate Windows XP and have signed up to a £5.5m Cabinet Office agreement with …
Kat Hall, 10 Nov 2014

Experts fret over iPad security risks

Apple's much hyped iPad tablet may come tightly locked down but the device is still likely to be affected by many of the security issues that affect the iPhone, as well as some of its own. Security experts polled by El Reg were concerned about a variety of risks, in particular phishing attacks and browser exploits. Graham …
John Leyden, 29 Jan 2010

Patch Windows boxes NOW – unless you want to be owned by a web page or network packet

"Remote code execution if an attacker sends specially crafted packets" is not what many of you want to hear today – nor "remote code execution if a user views a specially crafted webpage using Internet Explorer" – but it's Patch Tuesday, so what do you expect? Microsoft has issued a batch of security fixes for Internet Explorer …
Shaun Nichols, 11 Nov 2014

Bank of England plans to shove cyber-microscope up nation's bankers

The Bank of England today announced it plans to penetrate Blighty’s banks to test the security of their critical computer systems. Speaking to the British Bankers’ Association, the BoE's exec director of resolution, Andrew Gracie launched CBEST [PDF], a new defence-testing programme that mimics crims who attack crucial networks …

Facebook message security risks 'open door to Web 2.0 botnet'

Security watchers have already begun fretting about the security implications of Facebook's new messaging system, warning that compromised accounts might be used to create potent Web 2.0 botnets. The system brings together Facebook messages, instant messaging chat and SMS messages in one location, a development that increases …
John Leyden, 18 Nov 2010

UK.gov to train up 11-year-old cyberwarriors

British schoolkids as young as 11 will be trained in cyber security as part of a new drive to protect the UK from digital threats. The government will produce learning materials designed to get 11- to 14-year-olds up to speed on cyber security. If the kids show a willingness to strap on a keyboard and fight in some foreign …
Jasper Hamill, 13 Mar 2014

WANTED: A plan to DESTROY metadata, not just retain it

Australia's data retention proposal suggests the nation's telcos and ISPs need to store data for two years. But agencies accessing the data can seemingly keep it forever and are not, to date, required to securely store or destroy data they retrieve from the nation's putative data trove of personal information, miscalled " …

People will happily run malware if paid ONE CENT – new study

Security white hats, despair: users will run dodgy executables if they are paid as little as one cent. Even more would allow their computers to become infected by botnet software nasties if the price was increased to five or 10 cents. Offer a whole dollar and you'll secure a herd of willing internet slaves. The demoralising …
Darren Pauli, 18 Jun 2014

So long, Lenovo, and no thanks for all the super-creepy Superfish

+Comment: Chinese PC maker Lenovo has published instructions on how to scrape off the Superfish adware it installed on its laptops – but still bizarrely insists it has done nothing wrong. That's despite rating the severity of the deliberate infection as "high" on its own website. Well played, Lenonope. Superfish was bundled on new Lenovo …

Popular password protection programs p0wnable

Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials. "Critical" vulnerabilities were discovered and reported in LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword in work described by the University of California …
Darren Pauli, 14 Jul 2014

Step forward the chief information security officer

What does the modern chief information security officer (Ciso) look like? The role used to be little more than acting as a glorified sysadmin but things have changed. These days, Cisos must be all-rounders, concentrating not just on technology but on business too. “In recent years, the role of the Ciso has become more business …
Danny Bradbury, 15 Nov 2011

Five critical fixes on deck for Patch Tuesday

Microsoft is planning to release at least five critical fixes in next week's Patch Tuesday monthly security update. The company said that the planned patch release will include fixes for critical remote code execution flaws in versions of Windows, Office, and Internet Explorer, as well as Microsoft Exchange Server. Among the …
Shaun Nichols, 06 Dec 2013
Tubbs from the League of Gentlemen. Illustration by Doeth Gwraig

Warning to those who covet the data of Internet of Precious Things

Data generated by devices in the "internet of things" age should be "regarded and treated as personal data", data protection authorities from across the globe have agreed. The watchdogs said it is "more likely than not" that such data can be attributed to individuals. "Internet of things’ sensor data is high in quantity, …
OUT-LAW.COM, 22 Oct 2014

Go on, buy your workers a smartphone. You know it makes sense

Choose your own device (CYOD), the latest incarnation of mobility device management, is being promoted as a smarter alternative to BYOD (bring your own device), with more benefits for everybody and fewer pitfalls. How is CYOD defined in the real world and what are the advantages and challenges for business owners, IT teams and …
Dave Wilby, 19 Nov 2014

Buggy software in need of patching? Hey, we got that right here – Adobe

Adobe has released a batch of scheduled security fixes to address critical flaws in its Flash Player and ColdFusion products. The company said the updates will tackle a pair of security vulnerabilities in the two platforms which could be exploited remotely by attackers. For Flash Player, the update applies to Windows, Linux and …
Shaun Nichols, 13 Nov 2013

Beijing leans on Microsoft to maintain Windows XP support

The Chinese government has urged Microsoft to extend support for Windows XP in order to boost Beijing’s anti-piracy efforts and head off a potentially huge security threat. Yan Xiaohong, deputy director of China’s National Copyright Administration, met Microsoft and other software companies in a bid to put some pressure on, …
Phil Muncaster, 04 Dec 2013

More tech fails to exorcise security risks

Current IT systems are inherently insecure and growing complexity will simply increase these risks, a leading academic has warned. Users should rebel and demand vendors compensate them for security foul-ups, said pugnacious Professor Klaus Brunnstein of the University of Hamburg. Brunnstein told delegates to an IT security …
John Leyden, 14 Sep 2005

Gay hero super-boffin Turing 'may have been murdered by MI5'

Legendary code-breaker and computing boffin Alan Turing - seen by many as the father of modern computing and credited with a huge contribution to the Allied victory in World War Two - may have been murdered by the British security services, it has been claimed. “The government should open a new inquiry into the death of gay war- …
Lewis Page, 30 Dec 2013

SCADA flaws put world leaders at risk of TERRIBLE TRAFFIC JAM

In November 2014, leaders of the G20 group of nations will convene in Brisbane, Australia, for a few days of plotting to form a one-world government high-level talks aimed at ensuring global stability and amity. Queensland, the Australian state in which Brisbane is located, is leaving no preparatory stone unturned as it readies …
Simon Sharwood, 21 Nov 2013

BYOD: don't let the dream turn into a nightmare

Most vendors and analysts agree: you can’t avoid BYOD (bring your own device). But despite all the excitement about letting people use whatever smartphones, tablets, convertibles or latest thingamajig they want at work, many businesses are still wary of the BYOD trend. Some organisations, by necessity, just cannot adopt BYOD …
Stuart Burns, 06 Nov 2014

HP exec: 'CYOD' will TEAR APART the IT dept as we know it

Corporations are close to handing staff credit notes to buy or choose their own technology in a trend that will bust classic IT departments and supply chains, HP's top boss for Europe reckons. BYOD has morphed into Choose Your Own Device (CYOD) but the impact will still be just as dramatic, said Herbert Kock, HP's joint head of …
Paul Kunert, 07 Apr 2014

Hey banks: Use Win XP after deadline? You'll PAY if card data's snaffled

Banks that use the Windows XP operating system will face a risk to their compliance with payment card data security rules if they continue to operate the software after Microsoft withdraws its extended support services, a US regulatory body has warned. Microsoft confirmed in 2010 that it would end "extended support" for Windows …
OUT-LAW.COM, 14 Oct 2013

Microsoft holds nose, shoves Windows into Android, iOS boxes

Microsoft may not yet be keen for its Office suite to run on rivals' mobile devices, but it has made good on its promise to make Windows accessible on Android and iOS devices. As we flagged last week, that promise was to release native RDP clients for Android and iOS. Both have now landed. Here's the iOS version. The Android …
Simon Sharwood, 18 Oct 2013

Microsoft: Hey, small biz devs – Windows Store apps are for you, too

Build 2014: We reckon there haven't been many line-of-business apps built for Windows 8's Modern UI so far, but Microsoft has now made it easier for companies that want to do so. Most Windows 8 Apps are downloaded and installed from the Windows Store – which is why Microsoft has taken to calling them "Windows Store Apps" following the …
Neil McAllister, 04 Apr 2014

Breathe life into your cyber security campaign

Ah, another day, another government initiative designed to educate users about cyber risk. The Canadian government has declared October “Get Cyber Safe” month. It has a web site, too, which advises users on how to avoid getting pwned. The advice list includes updating your malware signatures and not giving out your password. …
Danny Bradbury, 18 Oct 2011

Businesses blind to the security risks of temporary staff

More than 80 per cent of temporary staff have the same level of access to company documents as permanent staff but without the same accountability, according to research released today by security firm Websense. The survey of more than 100 temporary staff found that 88 per cent of respondents were able to access documents from …
OUT-LAW.COM, 28 Nov 2007

Confidential report reveals ContactPoint security fears

An independent study on the previous government's controversial child protection database highlighted significant security and privacy risks. Deloitte found significant shortcomings in the security of the ContactPoint database when it evaluated the system back in 2008. But only a summary of its report was ever published prior to …
John Leyden, 29 Jun 2010

ICO: NHS data security breaches are just 'plain daft'

NHS staff should be more aware of data security risks as patient confidentiality "is at the heart of what they do", Jonathan Bamford, head of strategic liaison at the Information Commissioner's Office has said. Speaking at an event on healthcare efficiency, he said that he was confounded by the disconnect between staff awareness …