Supply chain and breach response troubles haunt UK CISOs

UK Chief Information Security Officers (CISOs) are winning some battles and losing others when it comes to improving their firm's information security practices, according to a new report.

Updated: Hackers blow the doors off Hacking Team, expose 400GB confidential data

Italy's Hacking Team, an alleged practitioner in the dark art of citizen surveillance, has reportedly been subjected to a severe hack itself.

FBI offers $4.2m in bounties to catch cybercriminals

First prize goes to whoever can locate Gameover Zeus instigator, Evgeniy Mikhailovich Bogachev, worth a £2 million reward from the FBI.

Plex video sharing customers left at risk after hack attack

Users of the video-sharing site Plex have been left vulnerable to an attack after the company revealed that members' passwords had been compromised.

Leaked document reveals internal Bitstamp Bitcoin raid investigation

A confidential leaked document from Bitstamp details how the Bitcoin trader was hacked and how the crime has been investigated.

Can Bitcoin-based Enigma encryption succeed where HE has failed?

Resolving how to speed up Homomorphic Encryption - via a simulated version called Enigma.

LG pledges to fix Android smart phone vulnerability

LG appears to have changed its mind about patching a security flaw in its Android smart phones which was discovered by security researchers last year.

Amazon launches open source TLS implementation "s2n"

Amazon manages to cram OpenSSL alternative into just 6,000 lines of code

Information Commissioner report reveals need for greater action

If the Information Commissioner's Office is to be more aggressive regarding data breaches, it will need more investment.

Letter to the editor

Confidence in antivirus falls to all-time low

More than 125 security professionals were asked about the greatest risks that organisations face today as well as the influence of various solutions and architectures.

Unencrypted GoPro updates leave users vulnerable to attack

GoPro Studio tool sends update requests, receives updates as unencrypted traffic

Apple fixes dozens of vulnerabilities in iOS and OS X

Security flaws would have allowed remote code execution and Man-in-the-Middle attacks

Updated: Cisco Systems moves to buy OpenDNS for £405m

The news that Cisco Systems intends to buy OpenDNS for $635 million (£405 million) raises questions about the company's strategy regarding cloud and IoT security.

Tor network exit nodes found to be sniffing passing traffic

If you are routing your traffic through the Tor network, don't make the assumption that it is always providing end-to-end security.

US still lags on chip and pin for card security

Speaking at a US Federal Reserve conference in Missouri, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.

Movers and makers: July-August 2015

Recent updates on the people and organisations that make up the information security industry

2 minutes on: Duqu 2.0: a massive advance

As APT sophistication grows we're all at risk - even security vendors

Debate: IT Security's male image and lack of female role models are the main reasons for the scarcity of women in the industry

Phyllis Kolmus and Ryan Corey discuss the lack of female role models and its effects on the IT security industry.

Malwarebytes offer amnesty to pirates with free software

Keygen-activated or cracked versions of anti-virus software won't last long

eBay e-commerce platform under attack

A new credit card-stealing attack is underway on the eBay Magento e-commerce platform, which is used by more than 240,000 businesses worldwide.

VPN services at risk from IPv6 vulnerability

Users who have opted for a VPN service could be at risk from hackers thanks to the way that providers handle IPv6 traffic.

Cisco addresses default SSH keys in multiple products

Software updates were released for Cisco Web Security Virtual Appliance, Cisco Email Security Virtual Appliance, and Cisco Security Management Virtual Appliance.

Cloud storage—the security risks and distrust toward computing

Surveys reveal the security risks of cloud storage and computing. Professionals cannot determine types of data.

Updated: Time to disconnect the microphone?

Chrome and the open source variant Chromium were downloading audio listening software without permission, not in the extensions list, and with audio set to 'enable'.

One third of UK companies beset by ransomware

Hackers exploiting Flash vulnerability to infect machines with Ransomware

Banking industry pins its hopes on new dot-bank TLD

It's hoped that a new TLD will revolutionise online bank security, but only time will tell if it will gain traction with the industry and the public.

Updated: 97% of malicious mobile malware targets Android

While 97 percent of mobile malware threats aim at Android, iOS isn't left untouched

FBI 'alerts world' on cryptographic ransomware spread

Criminal gangs and even ties to state actors can be behind ransomware, and the problem is growing, so ensure it's factored into your information security plans.

Quantum leap: Untangling Toshiba's 'unbreakable' encryption

Claims that Toshiba is developing secure quantum cryptography should be taken with a quantum of salt, say several cyber-security experts.

61% of critical infrastructure execs 'could detect attack in less than a day'

A majority of critical infrastructure executives believe their systems appeal to cyber-criminals, but also that they could detect any attack, according to Tripwire findings just published.

Samsung denies disabling Windows Update on its laptop models

Samsung has refuted claims that it put users at risk from hacking by disabling Windows Update on its laptops.

All ESET AV products hit by major flaw

A critical defect in ESET's flagship anti-virus products has been discovered by British Google Project Zero researcher Tavis Ormandy.

Harmonised EU data protection and fines by the end of the year

Harmonised EU data protection reform should be in place by the end of this year according to representatives at a 'trilogue' meeting of the European Parliament, the European Commission and the council of national justice ministers yesterday.

Firms track Dyre's rise to top financial malware threat

In the year following Gameover Zeus takedown efforts, Dyre has steadily emerged as the financial trojan of choice among cyber-criminals.

MacKeeper flaw enables attacker to run code with admin rights

A serious vulnerability has been discovered with the MacKeeper utility program which would enable an attacker to encode executable instructions in a URL link.

UK cyber-crime exceeds £16 billion losses, with mobile malware a major threat

Cyber-crime and cyber-enabled crimes figure highly in the latest annual National Strategic Assessment (NSA), an analysis by the National Crime Agency of serious and organised crime threats affecting the UK.

Time to abandon Flash? Hit by zero-day once again

Security industry calls on organisations to ditch vulnerable browser plug-in as yet another zero-day flaw hits Flash

UK's Verify programme contains "severe privacy and security problems"

Government dismisses idea that its Verify identification technology can be used to monitor population.

GCHQ spies have been hacking anti-virus software

Britain's Government Communication Headquarters (GCHQ) is actively engaged in reverse engineering anti-virus software to identify exploitable vulnerabilities.

Thousands of patients notified of breach, eight suspects indicted

Montefiore Health System announced that 12,517 patients had personal information compromised by a former employee between January 2013 and June 2013.

Facebook in court for claimed privacy violations

Belgian court case alleges privacy violations while regulatory concerns halt European deployment of face-recognition app by Facebook.

Israeli security researchers demo crypto key theft via radio leaks

Encryption keys can be stolen via radio waves using cheap mobile equipment

Updated: Thousands of passengers grounded in Poland following cyber-attack

Thousands of passengers were grounded in Warsaw, Poland last night following a cyber-attack on the computer networks of LOT Polish Airlines.

LinkedIn 'invitation-only' bug bounty programme pays out £41k

LinkedIn's director of information security confirms that its private bug bounty programme was formalised in October.

Apple CORED but ignored

The Apple CORED/XARA vulnerability remains unpatched but appears unexploited in the wild.

In Case You Missed It: German government and renewable power sector breaches, new regs due, and VoIP attacks rise

This week's In Case You Missed It looks at a major German government breach, turbines attacked, nuclear talks targeted, EU data law looming larger and, finally, VoIP due an upgrade.

SANS launches aptitude test for would-be cyber sleuths

Online quiz analyses applicants' cyber potential, £30k scholarships up for grabs

Updated: Millions of mobile app users threatened by lax security coding flaw

A team of German researchers claims to have uncovered poor programming practice that is exposing thousands of mobile apps to data breaches.

US senators propose bill to ban warrantless federal aerial surveillance

US lawmakers proposed "Protecting Individuals from Mass Aerial Surveillance Act" on Wednesday to require federal authorities to obtain warrants to conduct aerial surveillance.

Ukraine invests US$1 billion in secure IT & mobile network

A new specially protected communications channel and mobile network is planned for the Ukraine military and government following military losses attributed to intercepted communications.

Researchers call time on poor VoIP server security

Voice over IP attacks are on the rise because of the proliferation of online tools and software which can target these services.

Updated: Video - MWR InfoSecurity consultants and a few guests go to 'jail'

Eighty-six IT professionals were guests of RC Prison Ashwell last weekend while they tried to figure out who among their number betrayed them.

Samsung keyboard vulnerability exposes triple whammy mobile flaw

Researchers at NowSecure have uncovered a vulnerability in the stock keyboard that is pre-installed on 600 million Samsung devices, including the new Galaxy S6, that can apparently enable a remote arbitrary code execution attack.
