ICYMI: Symantec cert fraud; FSB arrest; Lloyds DDoS; Salary survey; Scada vulnerabilities

News by SC Staff

In Case You Missed It: Symantec illegal certs; Kaspersky employee arrest; Lloyds DDoS; SC 2017 salary survey; GE SCADA vulnerabilities

Symantec caught issuing illegal certificates for second time in two years

Independent researcher Andrew Ayer spotted Symantec once again improperly issuing 108 invalidated transport layer security certificates.

The credentials were in strict violation of industry guidelines: nine of the improper certificates were reportedly issued without the knowledge or permission of the affected domain owners, and 99 were issued to companies with data that was obviously fraudulent, according to a 19 January blog post.

Kaspersky Lab employee arrested by Russia's FSB on charges of treason

Ruslan Stoyanov was investigating a senior figure within the Russian FSB who was allegedly receiving money from foreign organisations to assist in cyber-investigations. Stoyanov, head of cyber-investigations at Kaspersky Lab, was arrested on suspicion of committing treason. A senior Russian FSB intelligence officer was also arrested under the same charges.

According to Russian news website Kommersant, Stoyanov has been in custody since December 2016. Sergei Mikhailov, a senior officer in the FSB who deals with internet service companies, was also arrested.

Lloyds Banking Group reportedly hit with Denial of Service attack

Lloyds Banking Group (LBG) was reportedly hit with a cyber-attack several weeks ago, which intermittently prevented customers from accessing accounts. LBG has refused to ‘speculate’ on the nature of the outages.

Customers were subject to intermittent outages to online banking, which lasted two days between the morning of 11 January and the afternoon of the 13th. Affected customers were reportedly blocked from their online banking accounts, which prevented them from making payments or viewing their account balances.

SC 2017 salary survey: analyst, pen tester, bank CISO, £25k to £500k

SC has interviewed some of the leading recruitment firms in the sector for its IT security salary survey, which sheds light on the state of play in terms of hiring and remuneration. Our IT security salary survey has revealed that salaries for infosec professionals have risen over the last twelve months by around six percent. Karla Joblin, director at recruitment firm Beecher Madden, says that demand is increasing as more companies build cyber-teams to fight ever more data breaches and other security incidents.

“Demand is part of the reason for the increase in salaries but the other factor is a focus on the quality of candidates. Many companies who already have cyber-defence teams will now pay a premium, but only for the best people,” she says.

Vulnerabilities found in GE SCADA systems, password interception possible

GE plugs vulnerability in SCADA systems that could have allowed attackers to intercept passwords and disrupt utilities and factory operations.

Just how much of a threat are ICS under? Positive Technologies has announced it has found three vulnerabilities in GE SCADA software which can allow for the interception and abuse of passwords by criminals. The vulnerabilities, CVE-2016-9360, have been given a CVSS v3 score of 6.4.
