Feeds

Articles about Security Tools

Hacked sarcasm

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Symantec retires low-end security software

Symantec has quietly retired its PC Tools range of security products. Acquired in 2008, PC Tools offered consumer-and-micro-business-grade anti-virus and network security tools dubbed “Spyware Doctor”, “Internet Security” and “Spyware Doctor with Antivirus”. Buying the Australian company that created the products gave Symantec a …
Simon Sharwood, 28 May 2013

FBI: Your real SECURITY TERROR? An ANGRY INSIDE MAN

Disgruntled workers are causing more problems for their employers, the FBI warns. Employees, ex-workers or contractors with a grudge against their former paymasters are abusing cloud storage sites or remote access to enterprise networks to steal trade secrets, customer lists or other sensitive information. Insider threats have …
John Leyden, 25 Sep 2014
VMware logo

VMware sells off Shavlik patch management tools to LANDesk

With new sheriff Pat Gelsinger now running the company for the past six months, VMware is getting more focused on its software-defined data center product line, extending up from basic server virtualization to the heavens, and is spinning off anything that is not directly supportive of its goals for virtualized data center and …
Houses of Parliament at night-time

UK.gov chucks another £260m at MOOC-based cyber security training

The UK government has published a progress report praising its own achievements in the two years since it launched an ambitious plan to make Britain the best place to do e-commerce. The National Cyber Security Strategy (NCSS), launched in November 2011, also has the goals of making the UK more resilient to cyber attack, building …
John Leyden, 13 Dec 2013

IBM claims first with Hadoop data security suite

IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and …
Iain Thomson, 18 Oct 2012
management governance3

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013
The Register breaking news

Ruby off the Rails: Enormo security hole puts 240k sites at risk

Popular programming framework Ruby on Rails has two critical security vulnerabilities - one allowing anyone to execute commands on the servers running affected web apps. The newly uncovered bugs both involve the parsing and handling of data supplied by visitors to a Rails application. The CVE-2013-0156 hole is the more severe of …
John Leyden, 10 Jan 2013
The Register breaking news

Tablet security study finds BlackBerry still good for something

A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work. A study by Context Information Security looked at Apple's iPad, Samsung's Galaxy Tab and RIM's BlackBerry PlayBook, and concluded …
John Leyden, 05 Oct 2012
For Sale sign detail

HP buys security tools firm ArcSight for $1.5bn

HP has agreed to buy security event management firm ArcSight for $1.5bn. The deal, rumoured over the weekend and announced on Monday, is the IT giant's second significant acquisition in two weeks, following the purchase of storage outfit 3PAR. It also follows last month's deal to buy application security tools firm Fortify …
John Leyden, 13 Sep 2010
Spying image

New software ported from Windows to Mac! You'll never guess what. Yes, it's spyware

Miscreants have ported five-year-old spyware XSLCmd to OS X. The Windows version of the malware has been around since 2009, and the Apple Mac edition of XSLCmd shares significant portions of the same code. It can open a reverse shell to its masters, automatically transfer your documents to a remote system, install executables, …
John Leyden, 05 Sep 2014
Malware

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. Late …
John Leyden, 20 Oct 2014
The Register breaking news

McAfee, IBM gobble rival security-intelligence firms

McAfee and IBM have both bought into the expanding security intelligence market with the acquisition of start-ups NitroSecurity and Q1 Labs, respectively. Financial terms on both deals, announced Tuesday, were undisclosed. Both NitroSecurity and Q1 Labs make software tools that allow enterprises to make sense of security logs …
John Leyden, 04 Oct 2011
Kronos

'Father of Zeus' banking trojan appears at very reasonable price

A banking trojan dubbed the father of the infamous Zeus malware is being flogged on cybercrime marketplaces for a pricey $7000, says fraud specialist Etay Maor. The Kronos malware was sold on a cybercrime forum, pitched particularly to Zeus trojan customers given its capabilities to re-use that trojan's form grabbing templates …
Darren Pauli, 15 Jul 2014
apple mac malware vxer

Google makes malware microscope Mac mod

Google has upgraded its popular VirusTotal analysis tool by adding an Mac OS malware uploader in a bid to better understand increasing attacks against Cupertino's fruity 'puters. The tool has been made available for OS X 10.8 and 10.9. Malware and suspicious URL samples uploaded to VirusTotal are checked against 52 anti-malware …
Darren Pauli, 27 May 2014
The Register breaking news

Microsoft refreshes secure developer software tools

Microsoft has released a new software tool to help developers write secure applications by highlighting the system changes created when their wares are installed on Windows machines. The Attack Surface Analyzer, released on Tuesday, is a free verification tool that analyzes the changes in system state, runtime parameters and …
Dan Goodin, 19 Jan 2011

Windows 8 security is like a swiss cheese flak jacket - sez AV firm

The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsoft's efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, …
John Leyden, 13 Nov 2012
The Register breaking news

UK boffins get £3.8m pot to probe 'science of cyber-security'

GCHQ, the UK's nerve-centre for eavesdropping spooks, has established what's billed as Blighty's first academic research institute to investigate the "science of cyber security". The lab - which was set up with the Research Councils' Global Uncertainties Programme and the government's Department for Business, Innovation and …
John Leyden, 14 Sep 2012
Screaming kid

Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker

Twee UK parenting website Mumsnet is the second high-profile organisation to claim it has fallen victim to the infamous Heartbleed OpenSSL vulnerability. Hackers boasted they accessed Mumsnet users’ data via the password-leaking bug – which is present in HTTPS servers and other services and software running a OpenSSL 1.0.1 to 1. …
John Leyden, 15 Apr 2014
The Register breaking news

Floating security tools span sky of clouds

Layer 7 Technologies - an outfit that handles security for XML web services and what the world now calls clouds - has introduced a new collection of tools for securing and managing sky-high infrastructure and applications. On Monday, the Canada-based company introduced a family of products dubbed CloudSpan, and it spans (just …
Cade Metz, 19 Apr 2010
Night scene of bank station in central london

Bank of England seeks 'HACKERS' to defend vaults against e-thieves

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported. The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other …
John Leyden, 24 Apr 2014
Malware

Car makers, space craft manufacturers infected with targeted recon tool

Researcher James Blasco is warning the auto and aerospace industries against engineering software that's been compromised by keystroke-logging and reconnaissance malware. Blasco says an un-named provider of such software was compromised after a staffer visited a watering hole website that was established specifically to lure …
Darren Pauli, 03 Sep 2014
EMC's new Syncplicity apps

EMC puts on an 'appy face to box Box, Dropbox

EMC's attempt to do better in the world of share 'n' sync tools has given Microsoft a back door into iOS and Android. The back door comes in the form of new mobile apps for the information management company's Syncplicity service. EMC has, over the years, 'fessed up to a less-than-stellar outlook for its document management …
Simon Sharwood, 30 Jan 2014
Github octodex

US giant NBC 'leaks' PRIVATE Amazon keys in Github Glenn gaffe

A London-based developer claims he was accidentally given the keys to US broadcaster NBC Universal’s websites – thanks to a username mix up on GitHub. Glenn Shoosmith was an early adopter of Github, and thus bagged the short-and-sweet user ID Glenn in July 2008. Repositories can be public and viewable by all, or private and …
John Leyden, 20 May 2014
balaclava_thief_burglar

1.1 MILLION customers' credit card data was swiped in Neiman Marcus breach

US luxury retailer Neiman Marcus has confirmed that details from 1.1 million customers' cards were stolen in a recently detected high-profile breach. Card details were lifted after hackers successfully planted malware on payment systems over a period that ran between 18 July and 30 October last year, far earlier than previously …
John Leyden, 24 Jan 2014
The Register breaking news

More than $60bn spunked on cyber-security in 2011

Global cyber-security spending is on track to exceed $60bn for 2011, according to a study by management consultants PwC. The growing tide of cyber threats, coupled with greater vulnerabilities due to the more pervasive use of technology – particularly mobile devices and cloud computing – are fueling a growth in cyber-security …
John Leyden, 01 Dec 2011

World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds

Two weeks have passed since the feds knackered the systems doling out the GameOver ZeuS and CryptoLocker malware to PCs. G-men warned us the world had just a fortnight to clean up compromised Windows machines and defend them from the software nasties before their masters regrouped. That time has passed ... and not much has …
John Leyden, 19 Jun 2014
Windows 10 Start Button

Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really

Microsoft has shown off Windows 10, and described it as a blend of Windows 7 and 8. Redmond thinks the new operating system is so revolutionary, it skipped over version 9 and went straight to double digits. "We will carry forward all that is good in Windows," Terry Myerson, executive vice president of the operating systems …
Iain Thomson, 30 Sep 2014
fingers pointing at man

Microsoft security tools give devs the warm fuzzies

Microsoft has released a general-purpose software tool for assessing the security of applications, part of a growing suite of free offerings designed to help third-party developers design safer programs. Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an …
Dan Goodin, 16 Sep 2009
Concert tickets Creative Commons licence by flickr user NZ Hamstar http://www.flickr.com/photos/16982169@N03/

Six charged over StubHub e-ticket heist for Elton John gigs

Six suspected cybercriminals have been indicted over their alleged involvement in a hack attack on eBay-owned ticketing website StubHub. Thieves got into more than 1,600 of StubHub customers' accounts and used their credit card details to fraudulently buy tickets for events through the online ticket reseller. The scam - reckoned …
John Leyden, 24 Jul 2014

Two million TERRIBLE PASSWORDS stolen by malware attackers

Researchers have uncovered a massive cache of stolen account credentials which could impact some two million users. Security firm Trustwave said that its SpiderLabs reconnaissance team has detected a malware operation which has been able to pilfer account credentials on infected machines and build an archive of lifted passwords …
Shaun Nichols, 04 Dec 2013

Yet ANOTHER IE 0-day hole found: Malware-flingers already using it for drive-by badness

Security researchers have discovered new zero-day vulnerabilities in Internet Explorer that are already being harnessed by hackers to run a new type of drive-by attack. FireEye, the security firm that discovered the attack method, said that the flaw is present in various versions of Internet Explorer 7, 8, 9 and 10, while …
John Leyden, 11 Nov 2013
Prison window

Prison Locker: A load of überhyped malware FUD over... internet chatter

An underground advert seeking help in developing a file-encrypting ransomware kit that might be sold for just $100 a go sparked something of a panic on the interwebs this week. But security watchers are yet to see any samples of the so-called Prison Locker ransomware, leading at least two security firms to characterise the …
John Leyden, 10 Jan 2014
Borked computer keyboard

How to stop intruders without knocking out the workers

For a sysadmin, fighting malware feels like an uphill battle that you are never going to win. Security software vendors are in a constant catch-up game, trying to create definitions to protect their customers from the latest round of malware. Sysadmins have the tough job of using their various security software and devices, …

Microsoft offloads heap of critical fixes in 'ugly' Patch Tuesday

Microsoft is planning a high-impact edition of Patch Tuesday with seven bulletins this month - six of which cover critical flaws. The less-than-magnificent seven cover all supported versions of Windows and every version of MS Office, as well as updates for Lync, Silverlight, Visual Studio and .NET. Internet Explorer, from IE6 on …
John Leyden, 05 Jul 2013
A cow

Kerching! Nominet preps for cash AVALANCHE from shorter UK domain names

Whether online businesses in the UK like it or not - Dot-UK registry Nominet is now bringing second-level namespaces to life. The Oxford-based outfit said today that, from next summer, companies would be able to bid for the shorter domain names. It said that Nominet's existing 10 million .uk customers would be offered the …
Kelly Fiveash, 20 Nov 2013

Java updates too much of a bother? Maybe online banking's just not for you

Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock). Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
John Leyden, 23 Sep 2013
The Register breaking news

Legal goons threaten researcher for reporting security bug

A German software company has threatened legal action against a security researcher who privately reported a critical vulnerability in one of its programs, Dark Reading reports. Legal goons from Magix AG sent a nasty gram to a researcher who goes by “Acidgen” after he reported the stack buffer overflow in the company's Music …
Dan Goodin, 29 Apr 2011
The Register breaking news

Chinese Trojan blocks cloud-based security defences

Miscreants have released a Trojan specially designed to disable cloud-based anti-virus security defences. The Bohu blocks connections from infected Windows devices and cloud anti-virus services in place to protect them. Malware writers have long included routines to disable components of desktop anti-virus software packages or …
John Leyden, 20 Jan 2011

You dirty RAT: Trend Micro spots new Asia-wide attack

Security researchers are warning of yet another advanced, large-scale attack campaign using sophisticated techniques to hide itself from its targets – organisations across Asia. Trend Micro has dubbed the campaign Naikon, based on the HTTP user-agent string “NOKIAN95/WEB” found in various targeted attacks across the region in …
Phil Muncaster, 14 Jun 2013
The Register breaking news

E-shopkeepers stabbed with SQL needles 'twice' as much as other sites

Retailers suffer twice as many SQL injection attacks on their systems as other industries, according to a new study by data-centre security firm Imperva, which claims the ferocity of web-based assaults is growing. The fourth annual edition of Imperva's Web Application Attack Report [PDF] also revealed that e-shopping …
John Leyden, 23 Jul 2013
channel

Novell to mashup management tools

It seems that most of the IT industry is trying to figure out how to make money by vertically integrating some aspects of the data centre and selling a complete solution that addresses the whole stack. Novell - known predominantly for its NetWare and SUSE Linux operating systems - is no exception. Having shelled out big bucks - …
The Register breaking news

CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss

The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva. The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US. But the head of the …
John Leyden, 23 Apr 2013

PHP.net resets passwords after malware-flinging HACK FLAP

The team behind popular web programing site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits. Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were …
John Leyden, 25 Oct 2013
The Register breaking news

Asian political activists whacked in Mac backdoor hack attack

A security hole in Microsoft Office for Mac OS X is being exploited to hack and spy on Asian activists at odds with the Chinese government. In the past few days, spear-phishing emails - highly targeted booby-trapped messages - were sent to Apple users in the Uyghur community, which is an ethnic group of people mostly (but not …
John Leyden, 14 Feb 2013

Finally, someone's fixed THAT Android hole. Was it your mobe network? No

A new tool attempts to close down the master-key vulnerability in Google Android that allows malicious software to masquerade as legit apps. Free utility ReKey hooks into the underlying operating system to defend fandroids who may be fretting about exactly when an official patch will arrive from their smartphone manufacturer or …
John Leyden, 17 Jul 2013

Firms 'coughed $39 BEEELLION' for system software in 2012

The system infrastructure software racket is a steady business and a profit center for the IT industry, and according to projections from IDC, this space is on track to grow steadily over the next few years. IDC just finished taking a snapshot of this hairball segment of the IT racket, examining the sales of 220 vendors across …

When desktop security is a remote possibility

You, the readers of The Register, have told us that supporting users is fraught with problems. And when it comes to looking after remote users things get even more difficult. It is clear that running all remote users in thin client mode is a prospect that, while attractive, still does not fit well with a broad set of business …
Tony Lock, 17 Jun 2010

UK.gov open to hiring EX-CON hackers for cyber reserves

The UK army of cyber reservists is open to the idea of hiring convicted hackers into its ranks. The new head of the Joint Cyber Reserve Unit, Lieutenant Colonel Michael White, told BBC Newsnight that applicants would be assessed on their skills and capabilities, rather than personality traits or past histories. Asked whether he …
John Leyden, 23 Oct 2013
Baidu Logo

Chinese search giant Baidu launches free AV

Chinese search giant Baidu has been quietly testing the waters in the security space, with the launch of a free English language AV product for Windows. Baidu Antivirus 2013 features traditional signature-based AV and cloud-based threat protection and tries to optimise PC performance along the way. Little other information about …
Phil Muncaster, 05 Mar 2013