ICYMI: GCHQ and the Belgacom attack, digital forensics and Tor darknets

ICYMI: GCHQ and the Belgacom attack, digital forensics and Tor darknets

This week's ICYMI looks at the top five articles on SC, including new hacking allegations against the GCHQ and the return of Tor dark markets.

ICYMI: Sony passwords, government malware and the return of Poodle

ICYMI: Sony passwords, government malware and the return of Poodle

This week's In Case You Missed It looks at the five most popular articles on SC, including weak passwords exposed in the Sony Pictures breach and the return of the Poodle flaw.

Police, digital forensics and the case against encryption

Police, digital forensics and the case against encryption

The Metropolitan Police has become the latest law enforcement agency to complain that encryption makes it difficult to catch and prosecute criminals.

ICYMI: The security blame-game, Cyber Monday, DDoS attacks & Sony's breach

ICYMI: The security blame-game, Cyber Monday, DDoS attacks & Sony's breach

This week's In Case You Missed It looks at the five most popular articles on SC, including the launch of a new cyber-security degree, new ATM malware and Sony's latest data breach.

CERT-UK: Fighting back against cyber-criminals

CERT-UK: Fighting back against cyber-criminals

Six months after launch and the UK's National Computer Emergency Response Team (CERT-UK) is seeing rising awareness of the group, the CiSP initiative and cyber-crime more generally.

ICYMI: UK cyber-security courses, government malware and the new Sony hack

ICYMI: UK cyber-security courses, government malware and the new Sony hack

This week's In Case You Missed It looks at the most popular articles on SC including news of CESG-accredited cyber-security courses, the Regin malware and the latest Sony hack.

ICYMI: Cyber-terrorism and politics, former hackers & supply chain problems

ICYMI: Cyber-terrorism and politics, former hackers & supply chain problems

This week's In Case You Missed It looks at the latest cyber-terrorism claims, former hackers in enterprises and issues to be dealt with in the supply chain.

CESG approved cyber-security training launched

CESG approved cyber-security training launched

CESG certified cyber security training launched today with eight companies and 12 courses accredited.

ICYMI: Defining APTs, new TLS bugs and NHS data breaches

ICYMI: Defining APTs, new TLS bugs and NHS data breaches

TLS bugs, the definition of an advanced persistent threat and new figures on NHS data breaches are the pick of the stories in the latest In Case You Missed It column.

ICYMI: Tor criminals, the Apple 'virus' and InfoSec salaries

ICYMI: Tor criminals, the Apple 'virus' and InfoSec salaries

Our latest In Case You Missed It (ICYMI) column looks at the take-down of Silk Road 2.0 and other dark markets on Tor, the new WireLurker malware and some good news for cash-happy InfoSec pros.

'Every day is a challenge' - Inside Europol's fight against cybercrime

'Every day is a challenge' - Inside Europol's fight against cybercrime

Europol's European Cybercrime Centre (EC3) is growing faster than expected. Doug Drinkwater visited its offices in The Hague, Netherlands, to find out how it is uniting law enforcement in the fight against cyber-criminals

Making waves and headlines: 2014 in review

Making waves and headlines: 2014 in review

2014 was the year that cyber-security hit the headlines, with data breaches, more government surveillance leaks, and celebrity exposures causing the UK public to lose faith in the web, reports Tony Morbin

Cybercrime: the new normal

Cybercrime: the new normal

In an interview with SC's Tony Morbin, the NCCU's Jamie Saunders explained how 'policing by consent' contends with the tidal wave of new criminal opportunities unleashed by digital technology and the connected world

ICYMI: Drupal flaw, Android Lollipop and security shortcomings

ICYMI: Drupal flaw, Android Lollipop and security shortcomings

This week's In Case You Missed Column looks at websites at risk from Drupal's SQL injection flaw, security features on Android and information security shortcomings in business.

ICYMI: Internet of Things bugs, Apple woes in China and the CISO shelf-life

ICYMI: Internet of Things bugs, Apple woes in China and the CISO shelf-life

This week's In Case You Missed It column looks at the Internet of Things, Apple's troubles in China and a strongly worded goodbye note by the outgoing head of GCHQ.

Control systems are under attack: 4SICS

Control systems are under attack: 4SICS

Control systems are visible on the internet and under attack from dedicated malware, but vendors are not providing adequate security.

2015: Prime time for information security?

2015: Prime time for information security?

Further data breaches, Heartbleed-type flaws and new revelations about government surveillance will likely continue in 2015 but, as Doug Drinkwater reports, it could also prove a pivotal year for data protection, law reform, the Internet of Things and the fight against terrorism

Security in 2015: Biometrics

Security in 2015: Biometrics

While biometric technology is becoming more sophisticated, it is still far from infallible. Kate O'Flaherty reports

ICYMI: Poodle, hacking smart meters and spending big on cyber security

ICYMI: Poodle, hacking smart meters and spending big on cyber security

This week's In Case You Missed It column looks at a new SSL flaw, attacks on smart meters, FBI's problem with phone encryption and the bank that is spending £310 million on cyber security.

ICYMI: GCHQ transparency, data trust and the Snapchat hack

ICYMI: GCHQ transparency, data trust and the Snapchat hack

This week's In Case You Missed It column looks at concerns around data trust and transparency, and the latest serious data breach at one of the biggest technology start-ups.

Information security budgets on the decline?

Information security budgets on the decline?

A new report which claims information security budgets have fallen has been called into question, but carries better news for security companies and security awareness training.

Connected cars: Leaving the door ajar for cybercriminals?

Connected cars: Leaving the door ajar for cybercriminals?

Your next new car is likely to connect - via the internet - to an assortment of applications and sensors in order to tap into valuable data. But questions are now being asked now on the potential privacy and security risks.

ICYMI: Shellshock attacks, cyber Armageddon and unpredictable hackers

ICYMI: Shellshock attacks, cyber Armageddon and unpredictable hackers

This week's In Case You Missed It column looks at the first attacks resulting from the Bash/Shellshock bug, claims of cyber Armageddon and unpredictable hackers.

ICYMI

ICYMI

This week's In Case You Missed It (ICYMI), China's industrial spying; US extra-territorial claims; SANS event; Card hacks increase; Malvertsing growth; staff data-theft criminal; Biometric smartphones up tenfold; Celebgate hits cloud; Kids, weakest link; Women's Security Society event; Kyle and Stan hit millions.

Cloud computing hit by 'Celebgate'

Cloud computing hit by 'Celebgate'

Enterprises are questioning their cloud strategy after Apple's iCloud service was implicated in the leak of nude celebrity photos. But should one bad Apple spoil the bunch?

The worst happens. What next?

The worst happens. What next?

You've accepted that you are going to be breached at some point. Tony Morbin looks at how this new perspective should be reflected in your response planning

Google Glass: a ticking time bomb?

Google Glass: a ticking time bomb?

Kate O'Flaherty reports how the security implications of wearable technology are becoming clearer as Google Glass infiltrates the corporate market

What are the rules in cyber-warfare

What are the rules in cyber-warfare

Cyber-warfare is so new that the 'ground-rules' are still being established. After the 2007 APT cyber-attack on Estonia, Nato created a cyber-defence centre and the Tallinn Manual ensued. Nazan Osman provides an overview of some of the CCDCOE's and manual's conclusions

Snowden's forgotten legacy - highlighting insider threat

Snowden's forgotten legacy - highlighting insider threat

NSA whistleblower Edward Snowden lifted the lid on government surveillance but, as Doug Drinkwater reports, his disclosures have also had a significant impact on how companies view rogue employees

Cyber Essentials: benchmarking best practice

Cyber Essentials: benchmarking best practice

From October 2014 many UK public sector information handling projects will require contractors to be Cyber Essentials certified. Tony Morbin looks at how the scheme works, its aims, implementation, shortcomings and potential next steps

The 5 most read articles this week: August 22 to 28

The 5 most read articles this week: August 22 to 28

Here are the five most popular articles, as read by you the reader, in the week for August 22 to 28.

ICYMI: Sony PlayStation hack, security spending & 'unbreakable' encryption

ICYMI: Sony PlayStation hack, security spending & 'unbreakable' encryption

This week's In Case You Missed It column looks at Sony PlayStation Network hack, the rise in security spending and surprising new claims on cyber security skills and encryption.

SCADA systems: Riddled with vulnerabilities?

SCADA systems: Riddled with vulnerabilities?

SCADA systems are essential to the smooth running of critical infrastructure but, as evidenced by the Stuxnet attack, they can be exploited through software and hardware vulnerabilities, and human error. But experts contest if they are really under threat.

ICYMI: NSA insiders, hacking living rooms & learning from Target

ICYMI: NSA insiders, hacking living rooms & learning from Target

This week's In Case You Missed It looks at rumours on a new NSA insider, hackable living rooms and if police are turning the tide on cyber-criminals.

The 5 most read articles this week: August 15 to 21

The 5 most read articles this week: August 15 to 21

Here are the five most popular articles, as read by you the reader, in the week for August 15 to 21.

Should you use cyber insurance to mitigate risk?

Should you use cyber insurance to mitigate risk?

While still a relatively immature industry, cyber insurance can reduce the costs of recovering from a breach, and, as Tony Morbin reports, it can also play a role in driving adoption of best practice, including de-facto standards in critical infrastructure.

The 5 most read articles this week: August 8 to 14

The 5 most read articles this week: August 8 to 14

Here are the five most popular articles, as read by you the reader, in the week for August 8 to 14.

ICYMI: Data breach disclosure, European privacy & internet outages

ICYMI: Data breach disclosure, European privacy & internet outages

This week's In Case You Missed It looks at data breach response, new concerns on EU privacy and claims that the internet is breaking 'under its own weight'.

Black Hat reports: Lurk Downloader & cryptocurrency mining hijacker

Black Hat reports: Lurk Downloader & cryptocurrency mining hijacker

During Black Hat Dell SecureWorks' threat reports included details on its research into the Lurk Downloader and hijacking attempts on large hosting companies' networks.

ICYMI: Black Hat news, biggest breach ever & figures to take to the CEO

ICYMI: Black Hat news, biggest breach ever & figures to take to the CEO

This week's In Case You Missed It (ICYMI) highlights from the Black Hat conference, and reaction to the 'biggest data breach ever'.

The 5 most read articles this week: August 1-7

The 5 most read articles this week: August 1-7

Here are the five most popular articles, as read by you, the reader, in the week for August 1 to 7.

The 5 most read articles this week: July 25-31

The 5 most read articles this week: July 25-31

Here are the five most popular articles, as read by you the reader, in the week for July 25 to 31.

ICYMI: Driverless cars, cyber espionage & the hidden cost of data breaches

ICYMI: Driverless cars, cyber espionage & the hidden cost of data breaches

This week's In Case You Missed It column considers early security questions on driverless cars, the hidden cost behind data breaches and new claims of industrial cyber espionage.

The 5 most read articles this week: July 18-24

The 5 most read articles this week: July 18-24

Here are the five most popular SC articles, as seen by you the reader, in the week for July 18 to 24.

ICYMI: Questions on cyber warfare, start-up money and helping out charities

ICYMI: Questions on cyber warfare, start-up money and helping out charities

This week's In Case You Missed column considers the possibility of cyber warfare, the money reaching cyber security start-ups and how charity can start at home for InfoSec practitioners.

The 5 most read articles this week: July 11-17

The 5 most read articles this week: July 11-17

Here are the five most popular SC articles, as seen by you the reader, in the week for July 11 to 17.

Conference report: Intelligence services share secrets with private sector

Conference report: Intelligence services share secrets with private sector

UK Financial Cyber Security summit sees call for cross-border and sector info sharing; cyber expenditure plans and investment in exports revealed.

The 5 most read articles this week: July 4-11

The 5 most read articles this week: July 4-11

Here are the five most popular articles, as read by you the reader, in the week for July 4 to 11.

Digital signatures are now legal authentication

Digital signatures are now legal authentication

But where does this leave anyone whose electronic identity has been stolen as a result of a malware infection?

ICYMI: Microsoft takedown, policing cybercrime & eyes on Tor and Tails

ICYMI: Microsoft takedown, policing cybercrime & eyes on Tor and Tails

This week's In Case You Missed It (ICYMI) looks at Microsoft's action against cybercriminals, the cyber security skills gap and NSA spying on Tor users.

CASE STUDY: Women's Security Society

CASE STUDY: Women's Security Society

A conversation with Jane Wainwright, Co-founder Women's Security Society and now senior manager at PWC.

Securing the Olympics

Securing the Olympics

With a military background in insider threat, Jane Wainwright tackled threats from inside and out to secure London's 2012 Olympics.

EU Data Protection Regulation: Rocky road to compliance

EU Data Protection Regulation: Rocky road to compliance

The EU is inching ever closer to putting the much-anticipated EU General Data Protection Regulation on the statute books, and that could see many companies playing catch up.

Women in IT security: Pushing at an open door?

Women in IT security: Pushing at an open door?

Why don't more women choose information security as a profession? What are the barriers, and what can be done to rectify the situation?

How secure is cloud - really?

How secure is cloud - really?

Revelations of government surveillance are fuelling a paranoia that isn't going to subside. So should firms be afraid of adopting cloud?

ICYMI: 'Shoddy' PayPal, Google Glass & hacking BYOD

ICYMI: 'Shoddy' PayPal, Google Glass & hacking BYOD

The latest In Case You Missed Column focuses on PayPal's two-factor authentication, the launch of Google Glass and new banking attacks.

Google Glass launch raises questions on wearable security

Google Glass launch raises questions on wearable security

Google Glass is now available in the UK for £1,000, but will the data-gathering wearable computing device face roadblocks because of privacy and security concerns?

ICYMI: NSA friendships, cloud concerns & Android flaws

ICYMI: NSA friendships, cloud concerns & Android flaws

This week's In Case You Missed It column looks at NSA friendships, concerns on the cloud and the latest flaw affecting Android users.

GCHQ promotes collaborative action

GCHQ promotes collaborative action

The IA14 Conference in London on Monday concluded with GCHQ director, Sir Iain Lobban, giving an insight into how GCHQ sees its role protecting and supporting UK citizens, industry and the economy.

ICYMI: DDoS tactics, privacy demands and prying on company acquisitions

ICYMI: DDoS tactics, privacy demands and prying on company acquisitions

A spate of DDoS attacks against cloud services Evernote and Feedly is the talk of this week's In Case You Missed It column.

Alarm bells ring for Internet of Things after smart TV hack

Alarm bells ring for Internet of Things after smart TV hack

Two researchers from Colombia University in the US have found that millions of internet-connected TVs could be taken over in a man-in the-middle attack.

ICYMI: Praise for Operation Tovar, Vodafone transparency & Open SSL problems

ICYMI: Praise for Operation Tovar, Vodafone transparency & Open SSL problems

The big news in this week's In Case You Missed It (ICYMI) column is the FBI-led Operation Tovar, which saw the disruption of the Gameover Zeus and CryptoLocker botnets.

ICYMI: eBay passwords, bad guys get badder & Microsoft's mad week

ICYMI: eBay passwords, bad guys get badder & Microsoft's mad week

eBay's data breach is the top news story in this week's In Case You Missed It (ICYMI) column.

ICYMI: "Dead" anti-virus, mobile ransomware; more EU DPA problems

ICYMI: "Dead" anti-virus, mobile ransomware; more EU DPA problems

This week's In Case You Missed It column looks at the state of anti-virus, ransomware going mobile and the EU's upcoming Data Protection Regulation.

ICYMI: AOL data breach, fighting cybercrime, Target CISO and Windows XP

ICYMI: AOL data breach, fighting cybercrime, Target CISO and Windows XP

In a roller coaster week which saw AOL report a data breach, Target appoint a CISO and all the madness around Infosecurity Europe, SC looks at all the major stories in our latest In Case You Missed It column.

Healthy scepticism

Healthy scepticism

With potential fines of up €100 million under EU Data Protection Reform, accidental data breaches have moved up the boardroom agenda. Tony Morbin reports on data concerns at Health Authorities in England and Wales, where despite differing systems, data leakage is also being addressed.

The Growing Risk

The Growing Risk

Large-scale cyber espionage is not new - it is the methods behind it which are becoming more complex and sophisticated, reports Kate O'Flaherty.

The view from the ground: Managing BYOD

The view from the ground: Managing BYOD

Bring your own device (BYOD) is in full swing, but most FTSE 100 and SMEs are only now realising that there's more to managing the deluge of personal smartphones and tablets coming into the office than brute force alone, reports Doug Drinkwater

ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL

ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL

This week's In Case You Missed It column looks at Vladimir Putin's Internet views, bigger and badder DDoS attacks, and further reaction to OpenSSL and Heartbleed.

ICYMI: 'Banksy' sketches GCHQ, Heartbleed rumours & cloud confusion

ICYMI: 'Banksy' sketches GCHQ, Heartbleed rumours & cloud confusion

As another week in information security zips by, we look at the top stories in our weekly In Case You Missed It (ICYMI) column.

More jobs but cyber security skills gap widens

More jobs but cyber security skills gap widens

There's an increasing demand for cyber security specialists in information security, but the challenge remains bringing the right graduates into the fold.

Big Data: A big deal?

Big Data: A big deal?

IT decision makers are leveraging Big Data security analytics tools to serve up more information on threats, reports Doug Drinkwater.

Patching: the unlocked door

Patching: the unlocked door

With Windows XP fast approaching its end-of-support deadline, many firms are going to be at risk of attack, reports Kate O'Flaherty.

Surety Business

Surety Business

The UK aims to be the safest place to do business online, but that aim is potentially undermined by cyber security skills shortages, says (ISC)²'s John Colley. Tony Morbin reports

PCI compliance: The slow road to progress

PCI compliance: The slow road to progress

PCI DSS 3.0 may be on the horizon, but a new study suggests that companies are not only slow in updating, but also approaching compliance in the wrong way.

European investigators want cross-border legislation to fight cyber crime

European investigators want cross-border legislation to fight cyber crime

Criminal investigators want changes made to European law so that they can fight international cyber crime faster and more efficiently.

Cyber security 'failure' could result in next major terrorism attack

Cyber security 'failure' could result in next major terrorism attack

Compliance, standards, a shortage in IT security skills and budgets are reasons behind the 'failure' of cyber security, experts conclude at French information security conference

Privacy & security concerns threaten to derail the Internet of Things

Privacy & security concerns threaten to derail the Internet of Things

The world's largest consumer electronics event boasts new gadgets, but concerns rise on the Internet of Things.

Safe Passage

Safe Passage

The latest PCI update offers improvements to ensure security in online transactions, says Tim Lansdale, head of payment security, WorldPay. Tony Morbin reports.

League table Go-Ahead

League table Go-Ahead

In a special one-off case study linking our themes of PCI compliance and security spend, Random Storm technical director and co-founder Andrew Mason describes to SC a case study that tackles both issues with the aid of league tables.

Coping with chaos

Coping with chaos

It may be a time of great change for the infosec industry, but advice on achieving the budgets needed to keep up with new threats remains remarkably consistent, reports Thomas Brewster.

Understanding the role of hacktivism

Check Point VP says individual hacking actions are not always criminal

Keeping up with the bad guys

Keeping up with the bad guys

Malware writing has undergone many changes over the years - from hobbyists to a criminal business - with mobile and social now the hot targets, Rob Buckley reports.

Top 10 issues in IT security for 2014

Top 10 issues in IT security for 2014

From banking hacks and malicious mobile apps to insider leaks and a serious data breach each month, 2014 promises to a challenging year for CISOs.

Out of site, but in mind

Out of site, but in mind

Services abound for business continuity and disaster recovery in the cloud, but what's the right choice for your organisation? Alan Earls investigates the options.

APTs: why you should care and what to do about them

APTs: why you should care and what to do about them

Advanced persistent threats are a real and present danger to all organisations big and small, and only the foolhardy would dismiss them as another hyped security buzz phrase.

Sea change

Sea change

The role of the chief information security officer is expanding to meet new challenges, says Paul Swarbrick, former CISO at NATS, as Karen Epper Hoffman reports.

Mobile security case study: Higher calling

Mobile security case study: Higher calling

A UK college provides its 'digital natives' with a secure environment that can be accessed anywhere from any device, reports Greg Masters.

Call of duty

Call of duty

With so much of the national infrastructure, from utilities to the internet itself, a potential target of attack, the Government is forging partnerships with the private sector to help protect the services we all rely on. But, in the wake of Edward Snowden, defence is no longer just a question of what can be done, but also of what is acceptable. Asavin Wattanajantra reports.

Raising the standard of PCI DSS

Raising the standard of PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is approaching its third iteration - and with it comes another chance to make the global standard fairer, more relevant and fit for purpose. By Phil Muncaster.

An inside job: the danger that lurks within

An inside job: the danger that lurks within

Every business faces the possibility of external attacks, but the real threat could be buried within, in the form of the disgruntled employee, says Dan Raywood.

Passwords: Fighting on the losing side?

Passwords: Fighting on the losing side?

Recent high-profile password breaches have raised doubts about current security measures, and whether a password can ever really be secure. By Dan Raywood.

The problem with SEDs

The problem with SEDs

Self-encrypting hard drives seemed to be a no-brainer when they hit the market due to their efficacy, but adoption has been poor because trends, such as the cloud, justify reliance on software that protects data wherever it is. By Asavin Wattanajantra.

SC Interview: Amar Singh, CISO at News International

SC Interview: Amar Singh, CISO at News International

As the chief information security officer of publishing giant News International, as well as having a pivotal role at ISACA, Amar Singh has a lot on his plate. He tells Dan Raywood about his personal philosophy of managing security in a large organisation, and why he wants to see former soldiers join the industry.

SC Survey in association with Good Technology: What you think about BYOD

SC Survey in association with Good Technology: What you think about BYOD

SC Magazine's second survey this month, in association with Good Technology, reveals a healthy attitude to BYOD, reports Tim Baker.

Just how secure is open source software?

Just how secure is open source software?

Open source software fosters innovation and inclusion, but what about the security, asks Asavin Wattanajantra.

SC Survey: Skills shortage in infosec

SC Magazine's latest survey asked the key questions on the skills and people shortage in the infosec industry. Here, we analyse the main findings from the online poll.

Infosec skills - Finally some answers to the big question

Infosec skills - Finally some answers to the big question

It's the problem that won't go away - so what is actually being done by the industry, government and academia to resolve the infosec skills crisis, asks Phil Muncaster.

SC Interview: Eric Cole, founder and CEO of Secure Anchor

SC Interview: Eric Cole, founder and CEO of Secure Anchor

Dr Eric Cole, founder and CEO of US security consultancy Secure Anchor, speaks exclusively to Dan Raywood about the key issues facing his clients - and why the security industry needs to put its words into practice.

Raising the standard

Raising the standard

In the current economic climate, computer networks are being relied upon more than ever by UK businesses. But how is this affecting our cyber security, and in turn, our profits?

Sign up to our newsletters