ICYMI: Barclays beefs up security, AVs vulnerable to Freak & getting InfoSec right
ICYMI: Barclays beefs up security, AVs vulnerable to Freak & getting InfoSec right

Exclusive: Barclays builds out security team with second Europol hire

Paul Gillen, head of operations at Europol's European Cybercrime Centre (EC3), will leave his position to take up a similar title at UK bank Barclays.

Speaking to SCMagazineUK.com last weekend, Gillen confirmed that he is leaving in June to take up the role of managing director of cyber operations at the bank, which only recently hired Gillen's former boss, Troels Oerting, as group chief information security officer (CISO).

The new job is London-based and Gillen said it represents an ‘exciting' challenge to move into private sector after 32 years in the police. Prior to joining EC3, Gillen worked for the Garda Síochána (Irish Police Service), where he was most recently head of the Computer Crime Investigation Unit (CCIU).

Kaspersky leaves users open to FREAK attack

All the anti-virus applications checked - Avast, Kaspersky and ESET - lower the security of TLS connections in one way or another says Hanno Bock.

Kaspersky is rushing to fix a weakness in its anti-virus software that exposes users to the ‘FREAK' cyber-attack.

The problem was revealed last Sunday by German security blogger and journalist Hanno Bock, who called Kaspersky “extremely irresponsible”.

Bock said that Kaspersky and other AV apps lower the security of websites when they check their encrypted traffic - because they create a TLS connection and certificate when they intercept such traffic, but typically fail to do so in a secure way.

TLS (Transport Layer Security) is the successor encryption protocol to SSL, designed to protect communications over the web.

“I had a closer look at three apps - Avast, Kaspersky and ESET,” Bock said. “All the anti-virus applications I checked lower the security of TLS connections in one way or another.”

Ignore cyber fears and get the basics right, say InfoSec experts

For all the talk of cyber-warfare and black-hat hackers, most information security experts still get the basics wrong, said speakers at today's 44CON conference in London.

In recent months, there have been various reports on Russian, Chinese and Iranian state actors being behind a range of Advanced Persistent Threat (APT) campaigns, doing everything from stealing IP and financial records to accessing Barack Obama's emails, as discovered just earlier this week. Also this week, one expert warned that the British Rail network could be hacked by clandestine hackers.

But at 44CON in London earlier this week, cyber-security experts Quentyn Taylor, head of information security at Canon EMEA, and Dr Jessica Barker, an independent consultant, said that the threat is often overstated, with human errors remaining far and away the biggest concern.

In his presentation on ‘Not following the herd – how to make your voice matter in the corporate world', Taylor pointed to Verizon's DBIR report as proof that the basics, like patching, are still not done in the right way.

“It's fashionable to focus on the black swan events like cyber-espionage but we ignore the fact that patching is generally done very, very poorly. The basics are absolutely being forgotten and there is a mentality to focus on new things.”

Is your cyber insurance fit for purpose?

In the latest thought leadership piece on SC, Nettitude CEO Rowland Johnson says that due to complexities of IT security, achieving clarity on cyber-insurance policies is going to be a growing challenge.

Magento flaw immediately exploited

Merely hours after a critical flaw in eBay's e-commerce platform, Magento was disclosed, cyber-criminals pounced on the vulnerability, attempting to hijack online shops, stealing credit card information and potentially taking full control of Magento sites.

Detailing the attack scenario, analysts at Sucuri show that, given the present flaw, hackers are able to exploit the SQL injection vulnerability, thereby creating administrator accounts, named vpwq or defaultmanager, on the vulnerable platform. According to Sucuri's analysis, at least some of the attacks have been traced to Russian IP addresses.

As many as 140,000 sites remain vulnerable and nearly 100,000 magento platforms are still unpatched, Magento hosting company, The Byte, reported last week.