Articles about Security Tools

Padlocks by Simon Cocks Flickr CC2 license

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015

The weapons pact threatening IT security research

Analysis The US government has rewritten chunks of an obscure weapons trade pact between itself, Europe, Russia, and other nations – a pact that is now casting its shadow over today's computer security tools. Dubbed the Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, the treaty limits who …
Iain Thomson, 06 Jun 2015

Hacked US OPM boss: We'll fix our IT security – just give us $21 million

The boss of the US government's thoroughly ransacked Office of Personnel Management has – rightly – come in for a rough ride from members of the House Committee on Oversight and Government Reform. Politicians on both sides of the trenches tore strips off the lamentable state of security in the agency, which was raided by …
Iain Thomson, 16 Jun 2015
Non-sleeper

Self preservation is AWS security's biggest worry, says gros fromage

State-sponsored cyber armies, lone-wolf attackers, denial-of-service attacks ... which keep Amazon’s Web Services security boffins awake at night? None of the above. It’s customers – those who don’t protect themselves adequately against hackers and malware. That’s according AWS head of global security programs Bill Murray, who …
Gavin Clarke, 13 Apr 2015
apple mac malware vxer

Ex-NSA security bod fanboi: Apple Macs are wide open to malware

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned …
John Leyden, 07 May 2015
Hacked sarcasm

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Symantec retires low-end security software

Symantec has quietly retired its PC Tools range of security products. Acquired in 2008, PC Tools offered consumer-and-micro-business-grade anti-virus and network security tools dubbed “Spyware Doctor”, “Internet Security” and “Spyware Doctor with Antivirus”. Buying the Australian company that created the products gave Symantec a …
Simon Sharwood, 28 May 2013

Script tool a Docker shocker blocker

Docker security head Diogo Mónica has crafted a defence tool to help admins protect their machine instances. Mónica says the Docker Bench Security script available on GitHub is designed as a complement and check systems against the Docker benchmarks released last month alongside a whitepaper [pdf]. “Having the documents is …
Darren Pauli, 01 Jun 2015

FBI: Your real SECURITY TERROR? An ANGRY INSIDE MAN

Disgruntled workers are causing more problems for their employers, the FBI warns. Employees, ex-workers or contractors with a grudge against their former paymasters are abusing cloud storage sites or remote access to enterprise networks to steal trade secrets, customer lists or other sensitive information. Insider threats have …
John Leyden, 25 Sep 2014
The Office

SDN to bring new round of internecine office wars to IT shops

Software-defined networking (SDN) will give IT teams a new reason for internecine conflict, as those looking to build automated, software-defined data centres come up against the hard-headed trust nobody pragmatism of security teams. So says Gartner's Eric Ahlm, a research director at the analyst firm, who today delivered a …
Simon Sharwood, 19 May 2015
Nicole Kidman (Christine Lucas) in Before I Go To Sleep

OK Google, how much of my life do you observe and disturb?

Google would like netizens to believe that the vast multinational has bolstered "privacy" controls on its services today. But you'd be wrong to swallow that line. In fact, no changes have been made to the company's data-slurping and scraping policies. Instead – in a move reflecting Facebook's somewhat disingenuous claims to be …
Kelly Fiveash, 01 Jun 2015

Using Office 365 at work? It's dangerous to go alone! Take this...

Microsoft is adding some security tools, dubbed Advanced Threat Protection, to Office 365 for its business and government subscribers. The utilities will try to curb malware writers and phishers seeking to exploit vulnerabilities via emailed attachments and links. "As hackers around the globe launch increasingly sophisticated …
Iain Thomson, 08 Apr 2015
VMware logo

VMware sells off Shavlik patch management tools to LANDesk

With new sheriff Pat Gelsinger now running the company for the past six months, VMware is getting more focused on its software-defined data center product line, extending up from basic server virtualization to the heavens, and is spinning off anything that is not directly supportive of its goals for virtualized data center and …
Rickmote

Who's been writing in my apps? Googlilocks builds new apps-tracker

Google has bolstered the security of its Apps platform with new reports providing insight into the number of devices accessing the account over the past month. The Devices and Activity dashboard displayed all devices active on an account in the last 28 days and those still signed in. Google Apps security. Google Apps security …
Darren Pauli, 25 Nov 2014
Pair of pliers with other tools

Belden buys Tripwire for $710m: Will keep network burglars out of Internet of Things things

Signal transmission firm Belden has agreed to buy security tools firm Tripwire for $710m in cash. The deal, announced Monday, is expected to close in the first quarter of 2015, subject to customary closing conditions. Tripwire's security and compliance products, such as Tripwire Enterprise, will be further developed and …
John Leyden, 10 Dec 2014
sap security vulnerabilities

Almost EVERY SAP install hackable, researchers say

A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say. Researchers from SAP security tools vendor Onapsis say attackers can target the SAP installs to pivot from low to high integrity systems, execute admin privilege commands, and …
Darren Pauli, 08 May 2015

Netflix airs its developers' Dirty Laundry

Netflix has developed a platform, using soon-to-be open source tools, that probes for vulnerabilities and monitor data leakage. One initiative dubbed the "Dirty Laundry Project" monitors for Netflix assets unintentionally exposed by its staff. Engineers Scott Behrens and Andy Hoernecke (pictured above) told the Shmoocon …
Darren Pauli, 09 Feb 2015

Vegan eats BeEf, gets hooked

Botnet slaughterer Brian Wallace has created a module to detect when attackers are using the popular browser-busting BeEF hacking framework. The Chrome extension codenamed Vegan allows victims to detect when attackers have hooked their web browser instances using the enormously powerful Browser Exploit Framework. Vegan could …
Darren Pauli, 26 Jun 2015
Boeing's CST-100 space capsule

Big Yellow brings in Boeing bods to bolster Big data bid

Symantec is acquiring 65 security engineers from Boeing as a part of a deal to beef up its expertise in Big Data, prior to a split between its security and storage divisions later this year. As part of the deal Big Yellow is also licensing technology from Boeing's Narus security division, which develops network-monitoring …
John Leyden, 13 Jan 2015

Biter bitten as hacker leaks source code for popular exploit kit

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators …
Darren Pauli, 13 Feb 2015
Houses of Parliament at night-time

UK.gov chucks another £260m at MOOC-based cyber security training

The UK government has published a progress report praising its own achievements in the two years since it launched an ambitious plan to make Britain the best place to do e-commerce. The National Cyber Security Strategy (NCSS), launched in November 2011, also has the goals of making the UK more resilient to cyber attack, building …
John Leyden, 13 Dec 2013
For Sale sign detail

HP buys security tools firm ArcSight for $1.5bn

HP has agreed to buy security event management firm ArcSight for $1.5bn. The deal, rumoured over the weekend and announced on Monday, is the IT giant's second significant acquisition in two weeks, following the purchase of storage outfit 3PAR. It also follows last month's deal to buy application security tools firm Fortify …
John Leyden, 13 Sep 2010

IBM claims first with Hadoop data security suite

IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and …
Iain Thomson, 18 Oct 2012

ID yourself or get NOTHING (except Framework), snarls Metasploit

Metasploit Pro and Community users outside North America now need to prove who they are, thanks to changes introduced this week and a tightening of encryption export rules. The open source Metasploit Framework (a computer security project) is not affected by the new rules. "[This] is yet another reminder that governments have …
John Leyden, 21 Apr 2015
The Register breaking news

Ruby off the Rails: Enormo security hole puts 240k sites at risk

Popular programming framework Ruby on Rails has two critical security vulnerabilities - one allowing anyone to execute commands on the servers running affected web apps. The newly uncovered bugs both involve the parsing and handling of data supplied by visitors to a Rails application. The CVE-2013-0156 hole is the more severe of …
John Leyden, 10 Jan 2013
shutterstock_282226826-Internet-of-things

Cyber poltergeist threat discovered in Internet of Stuff hubs

New security research has revealed a whole new area of concerns for the soon-to-be-everywhere Internet of Things – smart home hubs. Hubs – devices that link into home networks to control lighting, dead-bolt locks and cameras – can be dangerously vulnerable to attack, according to security tools firm TripWire. Craig Young, a …
John Leyden, 23 Jul 2015
management regulation2

As the US realises it's been PWNED, when will OPM heads roll?

Heads are set to roll at the Office of Personnel Management as director Katherine Archuleta continues to receive a grilling from Senate committees, who are beginning to realise that the country's entire intelligence workforce has been utterly pwned, probably by a hostile nation. Archuleta, alongside OPM's Chief Information …
The Register breaking news

Tablet security study finds BlackBerry still good for something

A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work. A study by Context Information Security looked at Apple's iPad, Samsung's Galaxy Tab and RIM's BlackBerry PlayBook, and concluded …
John Leyden, 05 Oct 2012
management governance3

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED

The State Department has suspended its unclassified email system in response to a suspected hacking attack. The unprecedented shutdown on Friday was reportedly applied to give technicians an opportunity to repair possible damage, as well as to apply security improvements. A senior department official said possible problems were …
John Leyden, 17 Nov 2014

Sony boss: Nork megahack won't hurt our bottom line

Sony’s chief exec Kazuo Hirai has predicted no major financial impact on the entertainment conglomerate after the recent cyber-attack on its Sony Pictures movie studio division. "We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas, Reuters reports. "However …
John Leyden, 08 Jan 2015
The Register breaking news

McAfee, IBM gobble rival security-intelligence firms

McAfee and IBM have both bought into the expanding security intelligence market with the acquisition of start-ups NitroSecurity and Q1 Labs, respectively. Financial terms on both deals, announced Tuesday, were undisclosed. Both NitroSecurity and Q1 Labs make software tools that allow enterprises to make sense of security logs …
John Leyden, 04 Oct 2011

Facebook flings PGP-encrypted email at world+dog. Don't lose your private key

Hands-on Facebook can now powerfully encrypt notification emails sent to its users with PGP – keeping potentially sensitive messages out of the hands of hackers and other snoopers. The social network has also added a spot for people to share their public PGP keys via the HTTPS-protected website. "We are gradually rolling out an …
Iain Thomson, 01 Jun 2015
Spying image

New software ported from Windows to Mac! You'll never guess what. Yes, it's spyware

Miscreants have ported five-year-old spyware XSLCmd to OS X. The Windows version of the malware has been around since 2009, and the Apple Mac edition of XSLCmd shares significant portions of the same code. It can open a reverse shell to its masters, automatically transfer your documents to a remote system, install executables, …
John Leyden, 05 Sep 2014
The Register breaking news

Microsoft refreshes secure developer software tools

Microsoft has released a new software tool to help developers write secure applications by highlighting the system changes created when their wares are installed on Windows machines. The Attack Surface Analyzer, released on Tuesday, is a free verification tool that analyzes the changes in system state, runtime parameters and …
Dan Goodin, 19 Jan 2011
Venomous snake

VENOM virtual vuln proves less poisonous than first feared

Analysis A newly discovered vulnerability in many popular virtual machine platforms is serious, but nowhere near as bad as last year’s Heartbleed vulnerability, according to security experts. Dubbed VENOM (Virtualized Environment Neglected Operations Manipulation), the zero-day flaw takes advantage of the “virtual floppy disk controller …
John Leyden, 14 May 2015

Hackers fear arms control pact makes exporting flaws illegal

Export regulations that threaten to hinder vulnerability research and exploit development have put hackers on edge ahead of the annual Pwn2Own contest. Operators of the hack-fest have reportedly issued an email warning to researchers to obtain legal advice about how the Wassenaar Arrangement, a 42-nation effort aimed at " …
Darren Pauli, 16 Feb 2015
The Register breaking news

Floating security tools span sky of clouds

Layer 7 Technologies - an outfit that handles security for XML web services and what the world now calls clouds - has introduced a new collection of tools for securing and managing sky-high infrastructure and applications. On Monday, the Canada-based company introduced a family of products dubbed CloudSpan, and it spans (just …
Cade Metz, 19 Apr 2010

Malware coders adopt DevOps to target smut sites

Linux-served porn sites may offer devs more than they bargained for after villains behind one of 2014's nastiest malware campaigns changed tactics to hit adult sites with stealthier wares. The Windigo campaign was revealed in March 2014 to have over the previous two years infected 25,000 Unix and Linux servers, with some 10,000 …
Darren Pauli, 12 Jan 2015
Glorious future of China

Chinese snoops try tracking VPN users with fiendish JSONP trickery

Snoops are exploiting vulnerabilities in China’s most frequented websites to target individuals accessing web content which state censors have deemed hostile. Even users who run VPN connections to access websites that are blocked by China’s censorship technology, often called the Great Firewall (GFW), are potentially being …
John Leyden, 16 Jun 2015
The Register breaking news

UK boffins get £3.8m pot to probe 'science of cyber-security'

GCHQ, the UK's nerve-centre for eavesdropping spooks, has established what's billed as Blighty's first academic research institute to investigate the "science of cyber security". The lab - which was set up with the Research Councils' Global Uncertainties Programme and the government's Department for Business, Innovation and …
John Leyden, 14 Sep 2012

Windows 8 security is like a swiss cheese flak jacket - sez AV firm

The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsoft's efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, …
John Leyden, 13 Nov 2012

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Third-party providers will face more stringent regulations as part of a revamp in payment card industry regulations due to go into full effect in the new year. The new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) will be mandatory for all businesses that store, process or transmit payment card information beginning …
John Leyden, 17 Dec 2014
Malware

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Updated Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. Late …
John Leyden, 20 Oct 2014
Kronos

'Father of Zeus' banking trojan appears at very reasonable price

A banking trojan dubbed the father of the infamous Zeus malware is being flogged on cybercrime marketplaces for a pricey $7000, says fraud specialist Etay Maor. The Kronos malware was sold on a cybercrime forum, pitched particularly to Zeus trojan customers given its capabilities to re-use that trojan's form grabbing templates …
Darren Pauli, 15 Jul 2014
fingers pointing at man

Microsoft security tools give devs the warm fuzzies

Microsoft has released a general-purpose software tool for assessing the security of applications, part of a growing suite of free offerings designed to help third-party developers design safer programs. Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an …
Dan Goodin, 16 Sep 2009
Executioner

Enough is ENOUGH: It's time to flush Flash back to where it came from – Hell

+Comment If you patched Adobe's screen door of the internet – its Flash plugin – last week, and thought you were safe, even for a few weeks, you were sadly mistaken. The Photoshop goliath is warning that yet another programming blunder in its code is being exploited in the wild, and says it won't have a patch ready to deploy until later …
Iain Thomson, 02 Feb 2015
apple mac malware vxer

Google makes malware microscope Mac mod

Google has upgraded its popular VirusTotal analysis tool by adding an Mac OS malware uploader in a bid to better understand increasing attacks against Cupertino's fruity 'puters. The tool has been made available for OS X 10.8 and 10.9. Malware and suspicious URL samples uploaded to VirusTotal are checked against 52 anti-malware …
Darren Pauli, 27 May 2014
Screaming kid

Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker

Twee UK parenting website Mumsnet is the second high-profile organisation to claim it has fallen victim to the infamous Heartbleed OpenSSL vulnerability. Hackers boasted they accessed Mumsnet users’ data via the password-leaking bug – which is present in HTTPS servers and other services and software running a OpenSSL 1.0.1 to 1. …
John Leyden, 15 Apr 2014
The Register breaking news

More than $60bn spunked on cyber-security in 2011

Global cyber-security spending is on track to exceed $60bn for 2011, according to a study by management consultants PwC. The growing tide of cyber threats, coupled with greater vulnerabilities due to the more pervasive use of technology – particularly mobile devices and cloud computing – are fueling a growth in cyber-security …
John Leyden, 01 Dec 2011