SC has published the full lists of finalists for SC Awards 2017 Europe. Winners will be revealed at the Awards Night on Tuesday 6 June.
Update: Hackers threaten to wipe iPhones following iCloud breach
Apple is reportedly in the grip of a very public extortion attempt, with the blackmailers promising to wipe 200 million iCloud accounts and reset the iPhones to factory default if they do not receive tens of thousands of dollars.
The hackers claim to have access to hundreds of million iCloud accounts which they've promised to use to reset customers' iPhones if they do not receive US $75,000 (£60,000) in bitcoin, or US $100,000 (£80,000) in iTunes gift cards by 7 April. [read more]
Trump announces $1.5bn for cyber-security and critical infrastructure
Donald Trump's first federal budget puts forward US $1.5 billion (£1.2 billion) for cyber-security to protect the federal government and US critical infrastructure. The sum is to be allotted to the Department of Homeland Security (DHS), the cabinet-level department of the United States government with responsibility for public security.
The pledge was announced on Thursday in a budget blueprint entitled America First - A Budget Blueprint to Make America Great Again. The budget intends to allow the DHS to share more threat intelligence with federal agencies and the private sector, “through a suite of advanced cyber security tools and more assertive defence of Government networks”. [read more]
Overcoming the cyber-security skills gap: experience vs qualifications
When it comes to overcoming the cyber-security skills gap, experience has been shown to be more important than people getting degrees and certifications.
At the recent RSA Conference, FireMon surveyed the attitudes of 350 IT security professionals towards the skills shortage. The research revealed that when it comes to hiring, 93 percent of respondents think experience is more important than qualifications. Furthermore, 73 percent said that it didn't matter whether IT staff were college graduates when it came to getting the job done. [read more]
20-year-old flaw found in Ubiquiti networking gear running ancient PHP
Security researchers have discovered an unpatched vulnerability in some networking equipment from Ubiquiti that could allow hackers to gain control of the devices, or use them as an entry point to attack other nearby devices. The flaw was found by SEC Consult, and worryingly, is still unpatched as talks between the security firm and Ubiquiti broke down in January.
In a security advisory, SEC Consult said that the vulnerability enables an attacker to inject arbitrary commands into the web-based administration interface of affected devices. The command injection vulnerability was found in "pingtest_action.cgi". This script is vulnerable since it is possible to inject a value of a variable, according to the security firm. It added that one reasons for this was the use of PHP 2.0.1, which is 20 years old and lacks security features found in later versions. [read more]