Articles about Security Tools

Disk boxes, security tools, etc: What Amazon announced at its AWS shindig on Wednesday

Amazon Web Services (AWS) kicked off its annual re:Invent conference on Wednesday with the introduction of a handful of new additions to its cloud computing service. The rollout includes a tool to test apps for security flaws, plus a business intelligence (BI) service, and a new way to physically toss data into Amazon's cloud …
Shaun Nichols, 08 Oct 2015

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor-neutral protocols and best practices under the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015

The weapons pact threatening IT security research

Analysis The US government has rewritten chunks of an obscure weapons trade pact between itself, Europe, Russia, and other nations – a pact that is now casting its shadow over today's computer security tools. Dubbed the Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, the treaty limits who …
Iain Thomson, 06 Jun 2015

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

The boss of the US government's thoroughly ransacked Office of Personnel Management has – rightly – come in for a rough ride from members of the House Committee on Oversight and Government Reform. Politicians on both sides of the trenches tore strips off the lamentable state of security in the agency, which was raided by …
Iain Thomson, 16 Jun 2015

Self preservation is AWS security's biggest worry, says gros fromage

State-sponsored cyber armies, lone-wolf attackers, denial-of-service attacks ... which keep Amazon’s Web Services security boffins awake at night? None of the above. It’s customers – those who don’t protect themselves adequately against hackers and malware. That’s according to AWS head of global security programs Bill Murray, who …
Gavin Clarke, 13 Apr 2015

Ex-NSA security bod fanboi: Apple Macs are wide open to malware

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned …
John Leyden, 07 May 2015

Devs are SHEEP. Which is good when the leader writes secure code

Programmers with security chops are seen as more productive and influential workers whom other coders strive to emulate, according to security researchers from North Carolina State University and Microsoft Research. A sextet of security researchers has produced a trio of studies on the topic, finding that programmers are …
Darren Pauli, 26 Aug 2015

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Symantec retires low-end security software

Symantec has quietly retired its PC Tools range of security products. Acquired in 2008, PC Tools offered consumer-and-micro-business-grade anti-virus and network security tools dubbed “Spyware Doctor”, “Internet Security” and “Spyware Doctor with Antivirus”. Buying the Australian company that created the products gave Symantec a …
Simon Sharwood, 28 May 2013

Script tool a Docker shocker blocker

Docker security head Diogo Mónica has crafted a defence tool to help admins protect their machine instances. Mónica says the Docker Bench Security script available on GitHub is designed to complement and check systems against the Docker benchmarks released last month alongside a whitepaper [pdf]. “Having the documents is …
Darren Pauli, 01 Jun 2015

Netflix releases reflected XSS audit tool for biz

Netflix has continued its contribution to the open source security community with the release of a tool to better help developers and admins identify cross-site scripting. The Sleeping Puppy tool joins Netflix's released security tools including Fully Integrated Defense Operation automated incident response platform, the …
Darren Pauli, 03 Sep 2015


Disgruntled workers are causing more problems for their employers, the FBI warns. Employees, ex-workers or contractors with a grudge against their former paymasters are abusing cloud storage sites or remote access to enterprise networks to steal trade secrets, customer lists or other sensitive information. Insider threats have …
John Leyden, 25 Sep 2014

Salesforce plugs silly website XSS hole, hopes nobody spotted it

A cross-site scripting (XSS) vulnerability on Salesforce's website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm. Cloud app and security firm Elastica said the issue affected a Salesforce sub-domain – …
John Leyden, 14 Aug 2015

SDN to bring new round of internecine office wars to IT shops

Software-defined networking (SDN) will give IT teams a new reason for internecine conflict, as those looking to build automated, software-defined data centres come up against the hard-headed trust nobody pragmatism of security teams. So says Gartner's Eric Ahlm, a research director at the analyst firm, who today delivered a …
Simon Sharwood, 19 May 2015

VMware sells off Shavlik patch management tools to LANDesk

With new sheriff Pat Gelsinger now running the company for the past six months, VMware is getting more focused on its software-defined data center product line, extending up from basic server virtualization to the heavens, and is spinning off anything that is not directly supportive of its goals for virtualized data center and …

OK Google, how much of my life do you observe and disturb?

Google would like netizens to believe that the vast multinational has bolstered "privacy" controls on its services today. But you'd be wrong to swallow that line. In fact, no changes have been made to the company's data-slurping and scraping policies. Instead – in a move reflecting Facebook's somewhat disingenuous claims to be …
Kelly Fiveash, 01 Jun 2015

Using Office 365 at work? It's dangerous to go alone! Take this...

Microsoft is adding some security tools, dubbed Advanced Threat Protection, to Office 365 for its business and government subscribers. The utilities will try to curb malware writers and phishers seeking to exploit vulnerabilities via emailed attachments and links. "As hackers around the globe launch increasingly sophisticated …
Iain Thomson, 08 Apr 2015

Who's been writing in my apps? Googlilocks builds new apps-tracker

Google has bolstered the security of its Apps platform with new reports providing insight into the number of devices accessing the account over the past month. The Devices and Activity dashboard displayed all devices active on an account in the last 28 days and those still signed in. Google Apps security. Google Apps security …
Darren Pauli, 25 Nov 2014

Belden buys Tripwire for $710m: Will keep network burglars out of Internet of Things things

Signal transmission firm Belden has agreed to buy security tools firm Tripwire for $710m in cash. The deal, announced Monday, is expected to close in the first quarter of 2015, subject to customary closing conditions. Tripwire's security and compliance products, such as Tripwire Enterprise, will be further developed and …
John Leyden, 10 Dec 2014

How to evade Apple's anti-malware Gatekeeper in OS X and really ruin a fanboy's week

The myth that Macs are inherently more secure than Windows PCs has taken another hit. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, has found a new route around Apple's defensive Gatekeeper technology. Apple's Gatekeeper utility is built into OS X, and is …
John Leyden, 01 Oct 2015

Almost EVERY SAP install hackable, researchers say

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and …
Darren Pauli, 08 May 2015

Netflix airs its developers' Dirty Laundry

Netflix has developed a platform, using soon-to-be open source tools, that probes for vulnerabilities and monitors data leakage. One initiative dubbed the "Dirty Laundry Project" monitors for Netflix assets unintentionally exposed by its staff. Engineers Scott Behrens and Andy Hoernecke (pictured above) told the Shmoocon …
Darren Pauli, 09 Feb 2015

Mashed together malware threatens Japanese online banking users

Customers of Japanese banks are on the front line of attacks based on a new and sophisticated banking trojan, mashed together from leaked bits of malware code. Shifu (named after the Japanese word for thief) is targeting 14 Japanese banks as well as electronic banking platforms used across Europe, according to security …
John Leyden, 01 Sep 2015

Vegan eats BeEf, gets hooked

Botnet slaughterer Brian Wallace has created a module to detect when attackers are using the popular browser-busting BeEF hacking framework. The Chrome extension codenamed Vegan allows victims to detect when attackers have hooked their web browser instances using the enormously powerful Browser Exploit Framework. Vegan could …
Darren Pauli, 26 Jun 2015

Big Yellow brings in Boeing bods to bolster Big data bid

Symantec is acquiring 65 security engineers from Boeing as a part of a deal to beef up its expertise in Big Data, prior to a split between its security and storage divisions later this year. As part of the deal Big Yellow is also licensing technology from Boeing's Narus security division, which develops network-monitoring …
John Leyden, 13 Jan 2015

HP buys security tools firm ArcSight for $1.5bn

HP has agreed to buy security event management firm ArcSight for $1.5bn. The deal, rumoured over the weekend and announced on Monday, is the IT giant's second significant acquisition in two weeks, following the purchase of storage outfit 3PAR. It also follows last month's deal to buy application security tools firm Fortify …
John Leyden, 13 Sep 2010
Houses of Parliament at night-time chucks another £260m at MOOC-based cyber security training

The UK government has published a progress report praising its own achievements in the two years since it launched an ambitious plan to make Britain the best place to do e-commerce. The National Cyber Security Strategy (NCSS), launched in November 2011, also has the goals of making the UK more resilient to cyber attack, building …
John Leyden, 13 Dec 2013

Biter bitten as hacker leaks source code for popular exploit kit

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators …
Darren Pauli, 13 Feb 2015

Anti-botnet initiatives USELESS in sea of patch-hating pirates

Three Dutch researchers have crunched data gleaned from efforts to battle the Conficker bot and declared anti-botnet initiatives all but useless for clean up efforts. Conficker was born in 2008 spreading aggressively through a since patched remote code execution Microsoft vulnerability (MS08-067) that affected all operating …
Darren Pauli, 18 Aug 2015

IBM claims first with Hadoop data security suite

IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and …
Iain Thomson, 18 Oct 2012

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Updated While other IT industry heavyweights have embraced bug bounties and working with security researchers more generally, Oracle has set its face in the opposite direction in a blog post likening reverse engineering to cheating on your spouse. Mary Ann Davidson, Oracle's chief security officer (CSO), expressed corporate dislike …
John Leyden, 11 Aug 2015
The Register breaking news

Ruby off the Rails: Enormo security hole puts 240k sites at risk

Popular programming framework Ruby on Rails has two critical security vulnerabilities - one allowing anyone to execute commands on the servers running affected web apps. The newly uncovered bugs both involve the parsing and handling of data supplied by visitors to a Rails application. The CVE-2013-0156 hole is the more severe of …
John Leyden, 10 Jan 2013

ID yourself or get NOTHING (except Framework), snarls Metasploit

Metasploit Pro and Community users outside North America now need to prove who they are, thanks to changes introduced this week and a tightening of encryption export rules. The open source Metasploit Framework (a computer security project) is not affected by the new rules. "[This] is yet another reminder that governments have …
John Leyden, 21 Apr 2015

Tablet security study finds BlackBerry still good for something

A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work. A study by Context Information Security looked at Apple's iPad, Samsung's Galaxy Tab and RIM's BlackBerry PlayBook, and concluded …
John Leyden, 05 Oct 2012

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

Cyber poltergeist threat discovered in Internet of Stuff hubs

New security research has revealed a whole new area of concerns for the soon-to-be-everywhere Internet of Things – smart home hubs. Hubs – devices that link into home networks to control lighting, dead-bolt locks and cameras – can be dangerously vulnerable to attack, according to security tools firm TripWire. Craig Young, a …
John Leyden, 23 Jul 2015

As the US realises it's been PWNED, when will OPM heads roll?

Heads are set to roll at the Office of Personnel Management as director Katherine Archuleta continues to receive a grilling from Senate committees, who are beginning to realise that the country's entire intelligence workforce has been utterly pwned, probably by a hostile nation. Archuleta, alongside OPM's Chief Information …

State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED

The State Department has suspended its unclassified email system in response to a suspected hacking attack. The unprecedented shutdown on Friday was reportedly applied to give technicians an opportunity to repair possible damage, as well as to apply security improvements. A senior department official said possible problems were …
John Leyden, 17 Nov 2014

McAfee, IBM gobble rival security-intelligence firms

McAfee and IBM have both bought into the expanding security intelligence market with the acquisition of start-ups NitroSecurity and Q1 Labs, respectively. Financial terms on both deals, announced Tuesday, were undisclosed. Both NitroSecurity and Q1 Labs make software tools that allow enterprises to make sense of security logs …
John Leyden, 04 Oct 2011

Microsoft refreshes secure developer software tools

Microsoft has released a new software tool to help developers write secure applications by highlighting the system changes created when their wares are installed on Windows machines. The Attack Surface Analyzer, released on Tuesday, is a free verification tool that analyzes the changes in system state, runtime parameters and …
Dan Goodin, 19 Jan 2011

Sony boss: Nork megahack won't hurt our bottom line

Sony’s chief exec Kazuo Hirai has predicted no major financial impact on the entertainment conglomerate after the recent cyber-attack on its Sony Pictures movie studio division. "We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas, Reuters reports. "However …
John Leyden, 08 Jan 2015

Floating security tools span sky of clouds

Layer 7 Technologies - an outfit that handles security for XML web services and what the world now calls clouds - has introduced a new collection of tools for securing and managing sky-high infrastructure and applications. On Monday, the Canada-based company introduced a family of products dubbed CloudSpan, and it spans (just …
Cade Metz, 19 Apr 2010

New software ported from Windows to Mac! You'll never guess what. Yes, it's spyware

Miscreants have ported five-year-old spyware XSLCmd to OS X. The Windows version of the malware has been around since 2009, and the Apple Mac edition of XSLCmd shares significant portions of the same code. It can open a reverse shell to its masters, automatically transfer your documents to a remote system, install executables, …
John Leyden, 05 Sep 2014

Facebook flings PGP-encrypted email at world+dog. Don't lose your private key

Hands-on Facebook can now powerfully encrypt notification emails sent to its users with PGP – keeping potentially sensitive messages out of the hands of hackers and other snoopers. The social network has also added a spot for people to share their public PGP keys via the HTTPS-protected website. "We are gradually rolling out an …
Iain Thomson, 01 Jun 2015

VENOM virtual vuln proves less poisonous than first feared

Analysis A newly discovered vulnerability in many popular virtual machine platforms is serious, but nowhere near as bad as last year’s Heartbleed vulnerability, according to security experts. Dubbed VENOM (Virtualized Environment Neglected Operations Manipulation), the zero-day flaw takes advantage of the “virtual floppy disk controller …
John Leyden, 14 May 2015

Hackers fear arms control pact makes exporting flaws illegal

Export regulations that threaten to hinder vulnerability research and exploit development have put hackers on edge ahead of the annual Pwn2Own contest. Operators of the hack-fest have reportedly issued an email warning to researchers to obtain legal advice about how the Wassenaar Arrangement, a 42-nation effort aimed at " …
Darren Pauli, 16 Feb 2015

Malware coders adopt DevOps to target smut sites

Linux-served porn sites may offer devs more than they bargained for after villains behind one of 2014's nastiest malware campaigns changed tactics to hit adult sites with stealthier wares. The Windigo campaign was revealed in March 2014 to have over the previous two years infected 25,000 Unix and Linux servers, with some 10,000 …
Darren Pauli, 12 Jan 2015

UK boffins get £3.8m pot to probe 'science of cyber-security'

GCHQ, the UK's nerve-centre for eavesdropping spooks, has established what's billed as Blighty's first academic research institute to investigate the "science of cyber security". The lab - which was set up with the Research Councils' Global Uncertainties Programme and the government's Department for Business, Innovation and …
John Leyden, 14 Sep 2012